Security

23 - Gatekeeper and Valet Key Patterns - Secure your APIs and Resources

2021-01-22

Continuing the 'Architecting for the Cloud, one pattern at a time' series, Chris and Peter Piper explore two closely related cloud design patterns for securing APIs and backend resources. The Gatekeeper pattern positions a dedicated host between untrusted clients and trusted backend services — handling authentication, authorization, request validation, protocol translation, and rate limiting. The Valet Key pattern complements it by issuing short-lived, scope-restricted tokens (such as Azure SAS tokens) so clients can access specific resources directly, reducing load on central services without sacrificing security. The episode covers practical implementation options on Azure including API Management, Azure Key Vault, and Azure App Configuration.

GitHub Actions and Azure - Getting started with GitHub Actions and Azure Login

2020-11-29

New to GitHub Actions? This episode is your starting point. Chris walks through GitHub Actions workflow fundamentals—YAML syntax, jobs, steps, GitHub-hosted runners, and secrets management—then shows how to authenticate against Azure using the Azure Login action and a service principal, before running Azure CLI commands as part of your first automated pipeline.

16 - The Backends for Frontends and Strangler Pattern with Peter Piper

2020-11-22

Managing APIs across web, mobile, and multiple consumer types creates tight coupling that slows modernisation and makes versioning painful. In this episode, Chris Reddington is joined by Peter Piper to explore the Backend for Frontends (BFF) pattern — creating dedicated backends tailored to each consumer — alongside the Strangler Fig pattern for incrementally migrating legacy monoliths without disrupting existing clients. The Façade pattern also features as a key decoupling mechanism for smooth API migrations. Part of the "Architecting for the Cloud, One Pattern at a Time" series.

13 - Tales from the Real World - Defying DDOS

2020-10-30

DDoS attacks have scaled to cloud-level volumes — terabits per second — that on-premises hardware simply cannot absorb. In this episode, Chris is joined by Cam Adams, an engineering manager from Brisbane, Australia, who shares first-hand experience helping customers across Asia-Pacific defend against distributed denial-of-service attacks using Azure. Whether workloads are fully in the cloud, in a hybrid state, or entirely on-premises, Cam explains how Azure can act as a scalable, cloud-powered defensive layer — and why the time to act is before an attack hits, not after.

12 - Modern Identity Patterns

2020-10-16

Chris is joined by Christos Matskas — former Microsoft Premier Field Engineer, developer tools evangelist, and .NET identity expert — for a deep-dive into modern identity patterns in the cloud. They cut through the confusion between Azure AD, Azure AD B2B, Azure AD B2C, and External Identities, explain why the network perimeter is no longer your security boundary, and make the case for letting battle-hardened libraries like MSAL do the heavy lifting rather than rolling your own auth. From eliminating secrets in ARM templates to Zero Trust principles, this episode lays a practical foundation for securing any cloud application.

8 - Azure Security

2020-06-07

Moving to Azure? Security has to come first. Chris is joined by cybersecurity expert Andrew Nathan to explore how organisations can build a strong security posture in the cloud — covering Azure Security Center and Secure Score, identity strategy (Azure AD vs. Azure RBAC), multi-factor authentication, threat modelling, Azure Policy and Management Groups for governance, and the evolution of security operations into red team/blue team war gaming. Whether you're starting your cloud journey or course-correcting an existing environment, this episode will help you understand where to begin and how to keep improving over time.

5 - The API Economy

2020-04-25

APIs are the connective tissue of modern cloud architectures — but poor API design compounds into technical debt that is expensive to unwind. In this episode, Chris Reddington and Peter Piper explore the full lifecycle of API design: defining versioning contracts up front, modernising legacy APIs using the Strangler and Façade patterns, and securing APIs with JWT tokens, OAuth 2.0, and OIDC. They also cover Azure API Management patterns, circuit breakers, throttling, key rotation with Azure Key Vault, and the DevSecOps practices that keep an API estate healthy at scale.

3 - DevOps in a Cloud World

2020-03-29

DevOps is the union of people, process, and products to enable the continuous delivery of value to end users — not just code or features. In this episode, Abel Wang, Principal Developer Advocate and DevOps Lead at Microsoft, joins Chris to cover the foundations of DevOps, telemetry-driven development, database DevOps, feature flags, Site Reliability Engineering, and the importance of shifting left on quality and security.

DigiCert Certificate Management through Azure Key Vault

2016-09-12 · 5 min

When designing a solution, you want to be sure that your communications are secure and that your users can trust your application. Typically, SSL certificates can be useful for this purpose. That is well and good from a design and development perspective, but there may be some management headaches when operating and governing the solution. How do you keep track of the certificates? How do you guarantee that they are kept secure? How do you ensure that certificates renew on time?