Andrew Matveychuk andrewmatveychuk
☁️
andrewmatveychuk
/ appsettings.json
Created
June 24, 2024 09:38
An appsettings.json file to authenticate to Azure resources using a system-assigned managed identity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "KeyVault": { | |
| "vaultUri": "https://kv-4zdnwe1wgbwdp.vault.azure.net", // Your Key Vault URI | |
| "credential": "managedidentity" // Using the system-assigned managed identity of your Azure Arc-enabled server | |
| } | |
| } |
andrewmatveychuk
/ appsettings.json
Created
June 7, 2024 09:07
A redacted appsettings.json file to authenticate to Azure resources using the DefaultAzureCredential type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "KeyVault": { | |
| "vaultUri": "https://kv-4zdnwe1wgbwdp.vault.azure.net" // Your Key Vault URI | |
| } | |
| } |
andrewmatveychuk
/ appsettings.json
Created
June 7, 2024 09:05
Sample configuration in an appsettings.json file to authenticate to Azure resources using the ClientCertificateCredential type
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "KeyVault": { | |
| "vaultUri": "https://kv-4zdnwe1wgbwdp.vault.azure.net", // Your Key Vault URI | |
| "tenantId": "3f5ed419-0e1b-4f47-8f94-a5b9fa4f298e", // Your Azure tenant ID | |
| "clientId": "76a95e90-ec2c-4d59-b92b-9c5b8316cff4", // Your app registration in the tenant | |
| "clientCertificate": "5378d04cd9a86a6cde595478d664cc9e2f755d4b", // That should be your unique certificate thumbprint | |
| "clientCertificateStoreLocation": "LocalMachine" // The certificate store name, which should be 'CurrentUser' or 'LocalMachine' | |
| } | |
| } |
andrewmatveychuk
/ WorkerService.cs
Created
June 7, 2024 09:01
Using the AddAzureClients method to initialize Azure clients from an appsettings.json file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Extracts from a sample .NET Worker Service project | |
| // You can add your target Azure resources in the Program.cs file using the 'AddAzureClients' method and extension methods from corresponding Azure services client libraries | |
| // ... | |
| var builder = Host.CreateApplicationBuilder(args); | |
| builder.Services.AddAzureClients(clientBuilder => clientBuilder.AddSecretClient(builder.Configuration.GetSection("KeyVault"))); | |
| // ... | |
| // Then you can 'inject' your Azure client into the Worker object (the Worker.cs file) and use them in your task |
andrewmatveychuk
/ EnvVarCertApp.cs
Last active
June 7, 2024 09:13
Using the DefaultAzureCredential class and environment variables to read a certificate from a local file and retrieve a Key Vault secret
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using Azure.Identity; | |
| using Azure.Security.KeyVault.Secrets; | |
| var keyVaultName = Environment.GetEnvironmentVariable("KEY_VAULT_NAME"); // Getting the Key Vault name from an environment variable | |
| if (keyVaultName is not null) // Checking if the environment variable is set | |
| { | |
| Console.WriteLine($"Key Vault name: {keyVaultName}"); | |
| var keyVaultUri = "https://" + keyVaultName + ".vault.azure.net"; |
andrewmatveychuk
/ LowLevelCertApp.cs
Created
June 7, 2024 08:43
Explicit reading of a certificate from a certificate store to authenticate to an Azure Key Vault and read a secret from it
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System.Security.Cryptography; | |
| using System.Security.Cryptography.X509Certificates; | |
| using Azure.Identity; | |
| using Azure.Security.KeyVault.Secrets; | |
| string keyVaultName = "kv-4zdnwe1wgbwdp"; // The name of the Key Vault you want to access | |
| var keyVaultUri = "https://" + keyVaultName + ".vault.azure.net"; // The Key Vault URI | |
| string tenantId = "3f5ed419-0e1b-4f47-8f94-a5b9fa4f298e"; // Your Azure tenant ID | |
| string clientId = "76a95e90-ec2c-4d59-b92b-9c5b8316cff4"; // Your app registration in the tenant | |
| string certificateThumbprint = "5378d04cd9a86a6cde595478d664cc9e2f755d4b"; // That should be your unique certificate thumbprint |
andrewmatveychuk
/ Log-ToLogAnalytics_v2.ps1
Created
February 24, 2024 21:12
An improved Azure Automation runbook that sends custom logs to a Log Analytics workspace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #region LogEntry class definition | |
| # Defining your custom categories using enum type | |
| enum OperationResultList : byte { | |
| Disabled | |
| Deleted | |
| Detected | |
| } | |
| # Defining your custom PowerShell class for log entries | |
| class LogEntry { |
andrewmatveychuk
/ LogEntry.ps1
Created
February 23, 2024 20:54
A sample PowerShell class for defining custom log entry objects
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enum OperationResultList : byte { | |
| Disabled | |
| Deleted | |
| Detected | |
| } | |
| class LogEntry { | |
| [OperationResultList] $OperationResult | |
| [ValidateNotNullOrEmpty()] [string] $OperationDetails |
andrewmatveychuk
/ New-LogEntry.ps1
Last active
February 24, 2024 21:09
A sample PowerShell function to push logs to a Log Analytics workspace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function New-LogEntry { | |
| <# | |
| .SYNOPSIS | |
| Push a new log entry(s) to a Data Collection Endpoint | |
| .DESCRIPTION | |
| The New-LogEntry cmdlet sends provided JSON payload to the target Data Collection Endpoint | |
| to be processed by Data Collection Rule and logged to an underlying Log Analytics workspace | |
| .PARAMETER DceEndpoint | |
| Data collection endpoint (DCE) to send collected data for processing and ingestion into Azure Monitor | |
| .PARAMETER DcrImmutableId |
andrewmatveychuk
/ Log-ToLogAnalytics_v1.ps1
Created
February 23, 2024 10:12
A basic Azure Automation runbook that sends custom logs to a Log Analytics workspace
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #region Creating your log entries | |
| $logEntry1 = [PSCustomObject]@{ | |
| OperationResult = 'Disabled' | |
| OperationDetails = 'Some operation details goes here...' | |
| } | |
| $logEntry2 = [PSCustomObject]@{ | |
| OperationResult = 'Deleted' | |
| OperationDetails = 'Some operation details goes here...' | |
| } |
NewerOlder