Security

Help Santa Secure His Naughty List

This year I am a part of the Festive Tech Calendar, and this blog post is about securing secrets in Bicep deployments, with a festive twist.

Even at the North Pole they must adopt new technologies, and Santa has started using Bicep to deploy his list of this year’s presents. Last year, Santa got a huge fine from the North Pole Data Protection Authority after he committed the full naughty list into source control in a public repository. This year, Santa needs help with securing his secrets in Bicep templates during deployments! Before I start the blog post, I want to give a shoutout to the organizers of the Festive Tech Calendar for the amazing work they do!

The SQL Server AllowAllAzureIps setting

The story about a deep dive into Azure SQL firewall rules and the setting AllowAllAzureIps

This is going to be a longer one. You have been warned! This adventure started last week when I attended the Azure User Group Norway with a session on Azure SQL networking secrets by Dennes Torres. Dennes showed a setting in the firewall rules on Azure SQL server that said, “Allow Azure services and resources to access this server”. Now you might think “Yeah, I need that for my App Service to access the database”, but in reality, this setting will allow ALL Azure IPs to access the SQL server!