Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r...
Post a Comment

Customer-Managed Keys for Azure CosmosDB & Container Registry

In May 2020, as part of Microsoft Build conference few key announcements were made for Microsoft Azure service. In this blog post, I will be covering updates related to Customer-managed keys which were made GA for Azure service - CosmosDB and Azure Container Registry.

What is Customer-managed key?

By default various resource provider in Azure implement encryption at Rest. Implementation of this encryption at Rest by default will be using Service-Managed keys which Microsoft manages internally. But in few scenarios users/customers want to control this keys that's where customer-managed key comes into picture. Two Azure service which we are talking in this post now have this capability (GA). 
Note: You must store customer-managed keys in Azure Key Vault 

Customer-managed key for CosmosDB

Customer-managed keys enables users to take total control over the keys used by Azure Cosmos DB to encrypt their data at rest. With CosmosDB your data is always encrypted with service-managed-keys when you choose customer-managed-key it adds a second layer encryption.
Image source: Microsoft Documentation

As mentioned above customer-managed keys needs to be stored in Azure Key Vault. As part of provisioning CosmosDB, customer-managed-key in the Encryption step is optional. Will be used only if user want to use their own keys for additional layer of encryption.

No additional charge to enable customer-managed-key. With customer-managed-key, Request Units will see an slight increase to support additional layer of encryption and decryption of your data.

If you relate to AWS, this feature is similar to DynamoDB using AWS Key management service. How cool now we have the similar feature in Azure.

Things to know:
  • Currently, customer-managed keys are available only for new Azure Cosmos accounts. You can configure only during CosmosDB provisioning.
  • Customer-managed keys needs to be stored in Azure Key Vault

Customer-managed key for Azure Container Registry (ACR)

Managed keys for Azure Container Registry are now available for new registries. By using your own key stored in an Azure Key Vault lets you to encrypt your images and artifacts. When you use customer-managed-key its an additional encryption layer on top of service-managed-keys.

As mentioned above customer-managed keys needs to be stored in Azure Key Vault. This feature is available on the Premium container registry service tier

Things to know:
  • Currently, customer-managed key can be enabled only when you create a new registry.
  • Customer-managed keys needs to be stored in Azure Key Vault
  • After enabling customer-managed key it can't be disabled
  • If you have enabled customer-managed key, content-trust feature is not supported on registry.

References:

Comments

Post a Comment

Popular posts from this blog

Tidy up - Unused Project and Nuget package reference using Visual Studio 2019

Image
If you are a Developer/Architect using Visual Studio as IDE for your development activities, this blog post will be of your interest. During the Ignite 2021 conference, Microsoft released Visual Studio 2019 v16.9 and v16.10 Preview 1. As part of version 16.10 Preview 1, one of the cool features they introduced is to "Remove Unused References..." for any Projects and Nuget packages that are not in use. At the time of writing this blog post, we have Visual Studio Version 16.10.0 (official release) which includes this new feature.  As part of development, we generally get carried away and introduce new Nuget package references to your project and add new references to your Projects. By the end of development, you will not be 100% sure which are not being referenced and unused which means you will leave those unused project references in your application. Now you might be wondering what's the big deal in it since it doesn't harm. The advantage of removing unused project r...
Read more

Swagger UI for Azure Function v2 & v3 APIs

Image
In this blog post, we will see how to setup Swagger UI for Azure Function APIs in v2 and v3. Now you might be wondering why Swagger? Swagger is a language-agnostic specification for describing REST APIs, it also referred to as OpenAPI. Swagger UI offers a web-based UI that provides information about your REST APIs service. Prerequisites HTTP trigger Azure function provisioned or created in C# Azure DI enabled on Azure Function, for more details refer here  with relevant package version installed based on Azure Function version. Integrating Swagger UI into our Applications 1. Install the appropriate package based on the Azure Function version which you are dealing with from the below table. Unfortunately, it's not a single package for both versions due to Azure function v3 because v3 makes use of ASP.NET Core 3.1 which introduces a new serializer System.Text.Json (STJ) out-of-the-box.  Azure Function Version  Nuget package  v2         ...
Read more

Authenticate Azure Functions - API Keys

Image
In this blog post, we will see one of the ways to secure your Azure Functions using API keys. Security plays a key role as part of SDLC (Software Development Life Cycle) doesn't matter whether it's exposed to the client/public or even if it's internal. There are multiple ways to secure your Azure Functions like API Keys, Certificate,  API Mgmt, App Service Authentication, etc. If you are new to the Cloud and Azure Functions but want to make a start with minimal effort and less setup of Infrastructure, then API Keys is the ideal choice. Azure Functions allows you to secure HTTP-triggered functions by API access key in the request. As part of creating new Azure Functions, we can select the Authorization Level enum value. If we set the Authorisation level to  Anonymous,  no security applied which means no authentication applied for the endpoint. Authorization Level - Function By setting the Authorisation level to Function each Azure Functions require a specific API key to Au...
Read more