Secure development - Keeping your application secrets private

Presented 16/05/2018 at the dotnet.Amsterdam meetup.

Secure development: Keeping your application secrets private by Henry Been

Do you still store secrets in source control? Are your secrets safely stored, but are you struggling to distribute them to your applications? Do you feel this should be easy, but you can’t just find out how?

In this session, Henry will take you on a journey that starts with passwords in source control. From there he will quickly take you along on a series of improvements to make both local development and production deployments more and more secure with every change.

Along the way, you will learn how to use Azure Key Vault, Azure Active Directory (AAD) and App Service Managed Instance to get everyone on a need to know basis. Finally, you will see how forgetting about keys, certificates and passwords completely and just using AAD could solve all your problems.

That is.., if everyone would just use AAD!

Henry Been is an independent architect and developer from The Netherlands. He works with development teams to create great software. Henry’s interests include the Azure cloud, DevOps, software architecture and the design and implementation of testable and maintainable software.

You can follow him on twitter at or read his blog at