Saturday, November 25, 2017

Managing secrets for containerized Windows apps

I am just starting on the containers journey - with all the nice hurdles which could be added by PCI and data privacy, aggravated by a general immaturity of the Windows containers at the moment.
One of the important components of properly containerized application - the Continuous Delivery pipeline, - must comply with regulations as well, hence protecting the secrets, - encryption keys, connections, credentials, signatures, - as the code is being pushed along from development to production.

With this, some insights are offered by a nice "Managing Secrets in .NET CORE 2.0 Apps" article. It is a nice touch that .NET Core comes with out-of-the-box secret management features. And the tips from the article had at least some risky options removed from consideration. So far, so good.
Unfortunately, as the code arrives to the final destination on the Windows container, the secrets are not kept in the memory, unlike for the Linux-based containers. Azure does provide a lot of ways to relief some of this pain, but what should one with the containers-on-the-premise do? That's the next puzzle to resolve...

No comments:

© 2008-2013 Michael Goldobin. All rights reserved