Creating a Key Encrypting Key (KEK)

Previously I have taken the steps to add secrets and keys to the Key Vault as well as create my self-signed certificates using PowerShell. With the opportunities to use drive encryption in Azure on IaaS machines, it makes sense to go through the steps of using a Key Encryption Key (KEK) to increase security…


Using Key Vault Secrets in PowerShell

Interacting with Key Vault through the standard cmdlets is very simple and straightforward, but what happens when I want to use the Key Vault functions that are not exposed in this way, such as encrypting or signing a value using the key stored in the key vault? I was experimenting with some ideas to…


Self Signed Certificate Creation

The number of times in the past that I have had to create self-signed certificates is far too many to count! There have been various tools to help with it, including IIS Server Management and the old standby MAKECERT utility. When I needed to create a couple of new certificates for my Azure Drive Encryption…


Ronin – Key Vault

The first thing I am going to do is set up a standard way to work with and store the solution's primary secrets and cryptographic materials. I find that as a developer I am called on to decide or at least make recommendations on how to handle implementations of protocols, tools and technologies that need access…


Ronin Building Blocks – Network Template

I am a strong believer in building security into the solution from the ground up in general but when it comes to IoT it is pretty much mandatory. There seems to be a consistent stream of exploits and attacks on connected devices so to properly defend my solution against this I will start any deployment…


Ronin Building Blocks – Configuration

Database, XML, CSV, JSON, INI and even, to my horror, hard coding are all techniques that I have seen for handling configuration information. With .NET, it has typically been the accepted practice to use the host mechanism's configuration management style, whether that is web.config, app.config or settings.xml, and in general that has worked out fine…


Ronin Building Blocks – Logging

Working with large scale distributed systems can be a challenge for the operations team whether it is handling capacity demands, scaling for cost, applying updates, rolling out new versions or keeping it safe and secure. Over the last two decades I have seen an ever-increasing demand for availability and uptime with an cyber attacks and…


Ronin Building Blocks – Dependency Injection

As much as I enjoy coding I must constantly decide whether there is more value in writing a custom piece of code or taking one off the shelf that is supported and has had more eyes on it. A great example of this can be seen in the next few building blocks starting with this…


Ronin Building Blocks – Resource Pools

In Azure, just as in most other shared resource situations, there are policies put in place to govern fairness of use (most limits can be found here). These limits are the best friend of solutions that do not over consume, protecting them from abusers etc., but must be handled appropriately by solutions that push up against them. Take…


Ronin Building Blocks – Precision Time

Have you ever been working on debugging or diagnosing an issue and you need to get the time it takes to execute an external service call? I personally don’t want to use a stopwatch, although it is a viable solution, when I already have the start time (DateTime.UtcNow) that I wrote to my logs; I just want…