Store Secret Data in .NET Core Web App with Azure Key Vault

This is an exciting course that will teach you how to secure sensitive data, such as passwords and connection strings in a ASP.NET Core 1.1 Web API.

These are skills that you must master as a serious developer.

*** NEW CONTENT: The same course for ASP.NET Core 1.1 in Visual Studio 2017 has been added ***

In this course you will:

• Register for an Azure subscription
• Implement a .NET Core 1.1 Web API
• Store sensitive data with User Secret Manager (secrets.json), which stays on the developer machine and won’t be propagated to a source code repository like GitHub or TFS when the code is checked in.
• Implement an Interface called ISecrets, which will be injected into the controller’s constructor via Dependecy Injection. The values from the secrets.json file or the Azure App Settings can then be used from the controller.
• Add an Azure Key Vault, where secret values are stored, protected by Azure Active Directory security.
• Add an Azure Active Directory App Registration to secure the Key Vault. The Application Id and the App Registration secret key is used to access the Key Vault
• Read values from the Key Vault using the Application Id, secret key and the Key Vault’s value endpoints
• Call the Web API in Azure using the Chrome application Postman and make sure that the secret Key Vault values are returned. Note that the secret values normally wouldn’t be returned through the API, we do it here for educational purposes only.