Keeping Credentials Out of Plain Text Using Azure Automation and Configuration
October 07, 2019
Have you ever put a username and password in plain text of a script file? Have you thought about the impact this could have if someone found a username and password together in that script? Common hacks reported on the news are often the result of such a discovery that seems easily avoidable when you hear about them, but still pose a challenge when you look for alternative solutions.
Whenever you use or connect to cloud-based services, security is always a concern. One of the common challenges is how you connect when you want to run a process repeatedly and have it run on a schedule or unattended. As an example, if you need to scale your database to a higher service tier while an ETL job runs and then scale it back down to a lower cost tier when the job is done, you might write a script file that connects to the service and scales the database up or down. That script needs to provide identity to authorize the change in service levels, but how do you do this securely without leaving credentials in plain sight?
Storing your identity in a readable script poses the following challenges:
- Risk of a security breach when storing credentials in an unsecured fashion
- Waste time trying to create orchestration management for task execution
- Inability to consistently track changes of inventory or state on machines
- Inconsistent management of process automation and scheduling between Windows and Linux machines in Azure and on-premises
Today’s organizations and development teams are moving in a direction where they want to keep credentials for cloud resources outside of easily readable code. Luckily, tools like Azure Automation and Configuration are helping them do this.
What Is Azure Automation and Configuration
If you’re not familiar with Azure Automation, it is a service in Azure that allows you to automate your Azure management tasks and to orchestrate actions across external systems from right within Azure. The solution is built on PowerShell Workflow and uses the concept of runbooks. This allows you to use a secured automation job that can be invoked through a webhook, enabling you to run repeatable, repetitive tasks while ensuring consistent execution without additional infrastructure. As such, you can eliminate the need to store account credentials in easily compromised mediums.
If you have not yet signed up for Azure Automation, you can sign up for a free preview here. You can also learn more about Azure Automation here.
The Bottom Line
For the security conscious developer/engineer, keeping credentials out of source control and away from the wrong people is important. At the same time, you still need the flexibility to write script files that scale up and down as needed. Azure Automation allows you to confirm your identity without storing it somewhere where it is vulnerable to hacks.
While there are many reasons to get started with Azure Automation and Configuration, keeping your credentials safe and secure is a big reason to get started right away. Contact us to learn more about security in the cloud and to discuss how you can best leverage the latest features of Azure Automation and Configuration to enable your business.