Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r...
Post a Comment

How to Audit - Azure Key Vault?

In this blog post, we will see how to send logs and metrics for the Azure Key Vault which can be used for auditing.

Azure Key Vault Overview

Azure Key Vault provides a way to store securely keys, secrets, and certificates in a centralized location. Key Vault greatly reduces the chances of secrets being accidentally leaked, by simplified administration of application secrets. Azure Key Vault solution is not just for Cloud Solutions it can be integrated with on-premise as well. Integration with other Azure services is simplified with a managed identity. Azure Key Vault is not just only for Application secrets (Development) it goes well with Infrastructure team like DevOps where Passwords, Certificate, etc can be managed related to Infrastructure additionally Integration with Azure DevOps makes it more powerful.

Things that can go in your vaults are:
  1. Application secrets 
    • Connection strings
    • API keys
    • Tokens
    • Passwords etc
  2. Certificates
  3. Encryption Keys

Audit Enabling on Key Vault

Azure Key Vault can be secured by using several built-in mechanisms/concepts using any of the approaches mentioned like Access policies, Firewall (using VPN, etc), Access Restrictions, Managed Identity. In spite of all security features, you will be interested to know who and when they accessed your Key Vault. In this post, we will explore how as shown below.

After you create key vaults, you'll likely want to monitor how and when your key vaults are accessed, and by whom. You can do this by enabling logging for Azure Key Vault, which saves information in an Azure storage account that you provide. With logging, we can set up alerts in Azure Monitor for any changes to your vaults.

In the Overview tab, we will be able to see some basic monitoring stats as shown below but it doesn't give details like from where and which service accessed, etc.

Diagnostic settings for Azure Key Vault

  • To enable auditing to navigate to Diagnostic setting blade from key vault in the Azure Portal:

  • From the above blade, you can either edit or configure a new diagnostic setting. As part of configuring ensure you select Audit Event and Destination details to LogAnalytics workspace which provides the capability to configure alerts like sending email and other integration etc.
  • To view the audit information navigate to Logs and run the Log Analytics query like query based on Caller IP address, Operation name, etc. You have options to switch between Simple Logs and Query Editor based on your preference. Below are some sample queries 

AzureDiagnostics
| where ResourceProvider == "MICROSOFT.KEYVAULT"
| summarize count() by OperationName   

AzureDiagnostics
| where httpStatusCode_d >= 200 
| summarize count() by  requestUri_s, ResultSignature, httpStatusCode_d

AzureDiagnostics
| summarize count() by CallerIPAddress

Note: Log Analytics workspace must be in the same region as your Azure Key Vault.

References

Comments

Post a Comment

Popular posts from this blog

Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

Image
If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r...
Read more

Swagger UI for Azure Function v2 & v3 APIs

Image
In this blog post, we will see how to setup Swagger UI for Azure Function APIs in v2 and v3. Now you might be wondering why Swagger? Swagger is a language-agnostic specification for describing REST APIs, it also referred to as OpenAPI. Swagger UI offers a web-based UI that provides information about your REST APIs service. Prerequisites HTTP trigger Azure function provisioned or created in C# Azure DI enabled on Azure Function, for more details refer here  with relevant package version installed based on Azure Function version. Integrating Swagger UI into our Applications 1. Install the appropriate package based on the Azure Function version which you are dealing with from the below table. Unfortunately, it's not a single package for both versions due to Azure function v3 because v3 makes use of ASP.NET Core 3.1 which introduces a new serializer System.Text.Json (STJ) out-of-the-box.  Azure Function Version  Nuget package  v2         ...
Read more

Authenticate Azure Functions - API Keys

Image
In this blog post, we will see one of the ways to secure your Azure Functions using API keys. Security plays a key role as part of SDLC (Software Development Life Cycle) doesn't matter whether it's exposed to the client/public or even if it's internal. There are multiple ways to secure your Azure Functions like API Keys, Certificate,  API Mgmt, App Service Authentication, etc. If you are new to the Cloud and Azure Functions but want to make a start with minimal effort and less setup of Infrastructure, then API Keys is the ideal choice. Azure Functions allows you to secure HTTP-triggered functions by API access key in the request. As part of creating new Azure Functions, we can select the Authorization Level enum value. If we set the Authorisation level to  Anonymous,  no security applied which means no authentication applied for the endpoint. Authorization Level - Function By setting the Authorisation level to Function each Azure Functions require a specific API key to Au...
Read more