#keyvault — Public Fediverse posts on home.social

mvu @[email protected] · 2025-01-29 · 04:28 UTC

So I've been trying to figure out the answer to a theoretical problem: what would I do if I was in a foreign country and had my phone and laptop seized / stolen?

I'm not too concerned about the shit on them, but nowadays everything is 2FA. Even my password manager needs second factor auth on a new device, and the second factor is email which... You guessed it needs a second factor. I feel like I'm one lost device from disaster.

How do you go from zero to re-equipped with your logins without access to your own desk and devices?

Would it be insane to post an encrypted binary blob in like a public git repo? Random webpage? What encryption would be sufficient to confidentiality drop an entire password vault, ssh keys, etc into a public space?

(Encryption not my area of expertise)

#2fa #encryption #passwords #keyvault #multifactor #backups #cybersecurity

#keyvault #multifactor #backups #cybersecurity #2fa #encryption

Heath Stewart @heaths · 2023-07-23 · 16:21 UTC

Now that the #golang #AzureSDK for #KeyVault has released v1.0.0, I have updated to it and released v1 of https://pkg.go.dev/github.com/heaths/a[email protected] : a cryptography client for Key Vault and #ManagedHSM that not only makes it easier to call crypto operations but tries to first cache the public key and do public key operations locally to improve performance and help mitigate throttling.

We have this in our other languages' SDKs but doesn't fit our design goals for #golang, so I wrote it as a separate module.

#golang #azuresdk #keyvault #managedhsm

F0rm4t @[email protected] · 2023-06-19 · 08:40 UTC

𝗛𝗼𝘄 𝘁𝗼 𝘀𝗲𝗰𝘂𝗿𝗲 𝗮 𝗙𝘂𝗻𝗰𝘁𝗶𝗼𝗻 𝗔𝗽𝗽?

𝚂̲𝚎̲𝚌̲𝚞̲𝚛̲𝚎̲ ̲𝚘̲𝚙̲𝚎̲𝚛̲𝚊̲𝚝̲𝚒̲𝚘̲𝚗̲

➡️Defender for Cloud for assessment of potential configuration-related security vulnerabilities

➡️Log and monitor: diagnostic settings to configure streaming export of platform logs and metrics

➡️Require HTTPS

➡️Securing keys with Azure key Vault

➡️Enable App Service Authentication/Authorization

➡️Use Azure API Management (APIM) to authenticate requests

➡️Run your function app with the lowest possible permissions

➡️Store data encrypted

𝚂̲𝚎̲𝚌̲𝚞̲𝚛̲𝚎̲ ̲𝚍̲𝚎̲𝚙̲𝚕̲𝚘̲𝚢̲𝚖̲𝚎̲𝚗̲𝚝̲

➡️Disable FTP

➡️Secure the scm endpoint

𝙽̲𝚎̲𝚝̲𝚠̲𝚘̲𝚛̲𝚔̲ ̲𝚜̲𝚎̲𝚌̲𝚞̲𝚛̲𝚒̲𝚝̲𝚢̲

➡️Set access restrictions

➡️Secure the storage account

➡️Private site access with Azure Private Endpoint

➡️Deploy your function app in isolation configuring a Web Application Firewall (WAF) for App Service Environment.

More details: https://learn.microsoft.com/en-us/azure/azure-functions/security-concepts?tabs=v4

#security #azure #cloud #data #management #streaming #functionapp #serverless #waf #appservice #privateendpoint #networksecurity #securedeployment #apim #ftp #keyvault #key #vulnerability #assessment #misconfiguration #encryption #storage #storageaccount #defender #defenderforcloud #cnapp #cspm #cwpp #microsoft #microsoftsecurity #cloudsecurity #cloudnative #siem #monitoring #soc

#security #azure #cloud #data #management #streaming