Feature Overview Video Series #7: Azure Key Vault Secrets
AppSource Apps Can Store Secrets in Azure Key Vault
In this feature overview video series by Microsoft, we highlight new capabilities included in the latest update to Dynamics 365 Business Central. This feature video will show how AppSource applications can store their secrets in the Azure Key Vault.
Azure Key Vault is a cloud service for securely storing and accessing secrets in a centralised storage. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. With Azure Key Vault, sensitive information is safeguarded by industry-standard algorithms, key lengths and even hardware security modules. Also, teams can have even fine granular control over who has what permissions over the sensitive data.
In this release, Microsoft is introducing an option for app developers to create their own secrets in the Azure Key Vault account created in their own subscription. The Azure Key Vault account can then be specified in the app.json file of the app. With the key vault specified, the Business Central online service now allows app code to read the secrets from the vault during code execution. The secrets will not be accessible to other apps installed on the same environment.
Azure Key Vault, in combination with managed identities for Azure resources, enables your Azure web app to access secret configuration values easily and securely without needing to store any secrets in your source control or configuration. Azure Key Vault prevents the disclosure of sensitive information through source code, a common mistake that many developers make—confidential details left in the source code which, when gained by malicious users, can result in undesired consequences.
This capability will be available in Business Central online for all apps registered on AppSource. Note that additional onboarding steps are required. It will not be available for per-tenant extensions and developer extensions—extensions that are published directly from Visual Studio Code to a sandbox environment.
Microsoft will also be supporting this feature for on-premises deployments of Business Central.
#2020ReleaseWave2 Business Central
For more updates on the recent changes with the #2020ReleaseWave2, be sure to check our Facebook, YouTube and LinkedIn channels for other feature overview video series!
Also, do visit our YouTube Channel for more videos on LS Retail, Dynamics 365 Business Central, and Sana e-commerce. Likewise, you can drop us an email today to find out more!