DEV Community: Ajayi Daniel

Automating Application Deployment with CI/CD: A Case Study Using Node.js, Docker, and Kubernetes

Ajayi Daniel — Fri, 27 Feb 2026 16:47:00 +0000

STEP1: Configure Git globally

STEP 2 Initialize Project

STEP3 Initialize Node.js Project & Update package.json

STEP4: Create app.js

STEP 4 Install Dependencies

STEP 5 Create Tests

Step 6: Dockerfile

step7 : Essential Configuration Files

HOW TO CREATE AN ELASTIC BEANSTALK ON AWS

Ajayi Daniel — Fri, 26 Dec 2025 12:19:30 +0000

WHAT IS AN ELASTIC BEANSTALK: An Elastic Beanstalk application is a container for Elastic Beanstalk components, including environments where your application code runs on platforms provided and managed by Elastic Beanstalk, or in custom containers that you provide.

THROUGH UNDERSTANDING OF ENVIROMENT ELASTIC BEANSTALK
An Elastic Beanstalk environment is a collection of AWS resources running together including an Amazon EC2 instance. When you create an environment, Elastic Beanstalk provisions the necessary resources into your AWS account.

STEP 1 - CREATE AN APPLICATION **
To create your example application, you'll use the Create application console wizard. It creates an Elastic Beanstalk application and launches an environment within it.
Reminder: an environment is a collection of AWS resources required to run your application code.

**STEP 2 - CONFIGURE THE ENVIROMENT
You choose the type of application you are deploying (a Web Server environment for handling web traffic), assign an application name (Deepdivedec22app) to organize all related deployments, and optionally add tags for easier management and billing, which together define the basic structure and identity of your Elastic Beanstalk application

STEP 3 - PROCEEDURE IN CONFIGURE ENVIROMENT
In this step, you assign a unique environment name (Deepdivedec22app-env), optionally choose a custom subdomain for your app’s public URL, and select the application’s runtime platform (Node.js 24 on Amazon Linux 2023 with version 6.7.1), which together determine how and where your application will run in the cloud

*STEP 4 NEXT PROCEDURE ON CONFIGURE ENVIROMENT *
IT is a configuration step from a cloud service deployment interface (likely AWS Elastic Beanstalk) where users must upload their application's source code and then select a pre-defined infrastructure template, or "preset," which automatically sets parameters like server type, scaling, and availability to match common deployment scenarios such as a simple test setup or a high-availability production environment.

*STEP 5 CONFIGURE SERVICE ACCESS *
A configuration step for setting up service access, which is critical for security and functionality in a managed cloud service like AWS Elastic Beanstalk. Here, you must define two essential Identity and Access Management (IAM) roles: a service role that grants the Elastic Beanstalk platform itself the permissions it needs to manage resources on your behalf, and an EC2 instance profile that provides the necessary permissions to the actual application servers (EC2 instances) it launches. Additionally, there is an optional setting to select an EC2 key pair, which is used for secure SSH access to those instances for administrative purposes.

STEP 5 HOW TO CONFIGURE SERVICE ROLE
This image Below shows the first step in creating an IAM role, where you must specify the trusted entity—the type of principal (like an AWS service, another account, or a user from an external identity provider) that is allowed to "assume" or use this role to perform actions in your AWS account. Selecting the correct trusted entity is the foundational security step that defines who or what can be granted the permissions attached to this role.

*STEP 6 ROLE ACCESS CONTINUATION *
This image Below shows the continuation of creating an IAM role for AWS Elastic Beanstalk, focusing on selecting a specific use case for the service. After choosing "Elastic Beanstalk" as the service, you are presented with two distinct use cases that define the role's purpose.

The "Elastic Beanstalk - Compute" use case is designed for an EC2 instance profile. This role is attached to the application servers themselves, granting them permissions to perform actions necessary for the application to run, such as uploading logs to Amazon S3 or sending metrics to Amazon CloudWatch.

The "Elastic Beanstalk - Environment" use case is designed for the service role. This role is assumed by the Elastic Beanstalk platform service, giving it permission to manage AWS resources like EC2 instances, Auto Scaling groups, and load balancers on your behalf to create and manage the environment's infrastructure. Selecting the correct use case here is crucial for ensuring the right permissions are granted to the right component of the Elastic Beanstalk architecture.

*STEP 7 ROLE ACCESS CONTINUATION *
This image shows the next step in creating an IAM role for Elastic Beanstalk, where the necessary permissions policies are being attached.

When you select a specific use case (like "Elastic Beanstalk - Environment"), AWS automatically determines which managed policies are required for that role to function properly. In this case, the platform is pre-selecting two AWS-managed policies: AWSElasticBeanstalkEnhancedHealth and AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy.

The first policy grants permissions for Elastic Beanstalk to collect and report enhanced health monitoring information from your environment. The second policy allows Elastic Beanstalk to perform managed updates on your environment, such as applying platform updates in a controlled way.

This step automates security best practices by attaching the minimum, predefined permissions needed for the role's intended function, as defined by AWS.

*STEP 8 CONTINUATION ROLE ACCESS ON SERVICE ROLE FINAL STEP *
This image shows the final step in the IAM role creation process within the AWS Management Console, confirming the successful creation of the role. The newly created role, named aws-elasticbeanstalkdec2026-service-role, is now visible in the list of IAM roles.

The screenshot highlights key details about the role: it is listed under "Access management," and its trusted entity is confirmed to be the "elasticbeanstalk" AWS service, meaning only the Elastic Beanstalk platform can assume this role. The creation is marked as successful, and the role is ready to be selected in the previous "Configure service access" step, completing the setup of the required service role for deploying an environment.

STEP 9 CREATING A PAIR KEY FOR SEVICE ACCESS
From the Amazon EC2 console, specifically the Key Pairs section. This is where you manage the SSH keys needed to securely log into your EC2 instances.

Right now, I'm looking at the list view where I can search for any existing key pairs by name, type, or other details. To make a new one, I would click the "Create key pair" button in the actions menu. You can see the rest of the EC2 navigation menu on the left, showing options for Instances, Images, and other resources, which tells me this key management is just one part of the overall process for setting up a server.

STEP 10 CONTINUATION CREATING A PAIR KEY FOR SEVICE ACCESS
Here, I need to define the key's properties. I've named it "Dec2026" and must select a Key pair type (choosing between the RSA or ED25519 encryption algorithms). I also need to choose the Private key file format—.pem for use with standard OpenSSH clients on Linux or Mac, or .ppk for use with the PuTTY client on Windows. There's also an optional section to add tags for better resource organization. Once I fill this out and create the key, the .pem or .ppk file will be automatically downloaded to my computer; this private key must be kept secure, as it's my only way to authenticate via SSH.

STEP 11 FINAL STEP FOR CONFIGURING SERVICE ACCESS
I have successfully configured all the necessary security identities. The previously created service role (aws-elasticbeanstalkdec2026-service-role) and EC2 instance profile (aws-elasticbeanstalkdec2026-ec2-role) are now selected, granting the platform and the application servers their required permissions. Additionally, I've chosen the optional EC2 key pair named "Dec2026," which will allow me to SSH into the instances for direct access if needed. With all these elements in place, I can proceed to the next optional steps for networking and scaling, or go straight to reviewing and launching the environment.

*STEP 12 HOW TO SET UP NETWORKING DATABASE AND TAG *
Here, I'm configuring the network layout for my application. I've selected a custom VPC named december20026project-vpc instead of using the default one. The main decision on this screen is whether to assign a public IP address to the EC2 instances. Enabling this would allow the instances to be directly reachable from the internet, which is a key security and architectural choice. The interface also shows where I can choose specific subnets within the VPC to launch the instances into.

*STEP 13 CREATE A VPC *
I'm choosing the option to create "VPC and more", which will automatically generate a complete, ready-to-use network including subnets and other core resources. I've set the Name tag to december20026project, and the VPC will be named december20026project-vpc. For the IP address range, I've specified the CIDR block 10.0.0.0/16, which provides over 65,000 private IP addresses. The preview shows that this setup will automatically create four subnets across two Availability Zones (us-east-1a and us-east-1b), establishing a foundational and redundant network structure for my application.

STEP 14 CONFIGURE INSTANCE TRAFFIC AND SCALING
Right now, I'm specifically looking at the settings for the root volume—which is basically the main hard drive for each server. Here, I can choose the type of storage, decide how big it should be in gigabytes, and set performance details like the IOPS (how many read/write operations it can handle per second) and throughput (the data transfer speed). At the bottom, I'm also setting up CloudWatch monitoring to report metrics from the servers every five minutes, so I can keep an eye on their performance.

*STEP 15 CONFIGURE UPDATE MONITORING AND LOGGING *
I've completed all the setup steps: from the initial configuration and security access to the optional networking and server settings. This review page gives me one last chance to check every decision I've made, from the application name and platform to the chosen instance type, VPC, key pair, and monitoring options.

Scrolling through this, I can see all my configured details listed in a clear summary, including the service role, instance profile, and that I've enabled enhanced health reporting. Seeing everything confirmed here makes me confident I've set it up correctly. Once I click "Submit," Elastic Beanstalk will start provisioning all the AWS resources—like the load balancer, EC2 instances, and Auto Scaling group—to build and launch my environment.

STEP 16 FINAL REVIEW BEFORE DEPLOYMENT OF APP
I'm on the final review page of the Elastic Beanstalk setup, where I'm double-checking all my configuration choices before launching the environment.

This first section of the review summarizes the core setup from Step 1. I can see that my environment, named Deepdivedec22app-env, is configured as a Web server environment. It's set to run on the Node.js 24 platform on Amazon Linux. The application itself is named Deepdivedec22app, and for this initial deployment, I'm using the sample application code provided by AWS.

The progress bar on the right confirms that I have already configured the service access, networking, instance settings, and monitoring in the previous steps. Everything looks correct here, so I'm ready to proceed to the final launch.

STEP 17 FINAL DEPLOYEMENT

User Access and Profile Management Basics

Ajayi Daniel — Mon, 29 Sep 2025 14:43:00 +0000

****WHAT IS EXTRA ID it’s a backup or supplementary identifier that helps further confirm someone’s identity or connect their record in another system

STEP BY STEP GUIDE OF CREATING A NEW USER IN ON EXTRA ID

STEP 1 Open the Microsoft Entra admin center at https://entra.microsoft.com.
Log in using the credentials for your tenant.
From the menu on the left, select User and then All users.
Select + New user and then pick the Create new user option.

CLICK ON CREATE A NEW USERS

STEP 2 Enter the requested information:
Field Value
User principal name BhogeswarK
Display name Bhogeswar Kalita

STEP 3 GO THE PROPERTIES
Select the Properties tab.
Set the values for first and last name:
Field Value
First name Bhogeswar
Last name Kalita
Note that you can set the User type to Member. If you pick Guest, it will restrict the users capabilities.
Scroll down to the bottom of the page.
Set the Usage location to United States or to whatever region you are in.
Select the Review + create button.
Select Create.

STEP 4 Invite an external user to your tenant
Open a browser and connect to the Microsoft Entra admin center at https://entra.microsoft.com.
If prompted, log in using the credentials for your tenant.
From the menu on the left, open the Identity menu.
Select Users then select All users.
At the top of the page select + New User.
Choose the option to Invite external user from the dropdown.
Enter the information for your new external user:

Field Value
Email ExtUser@testemailcom
Display name External User
Message Thank you for joining the company for this short work project. We look forward to building this project together.
Select the Review + Create button.
Select Create.

STEP 5 Assign Role To a user
Open a browser and connect to the Microsoft Entra admin center at https://entra.microsoft.com.
If prompted, log in using the credentials for your tenant.
In the left menu find the Identity section. Open it if not already opened.
Select Users then select All users.
Choose the user Bhogeswar Kalita create in the earlier task.
From the newly opened menu select Assigned roles.
At the top of the screen select + Add assignment.
From the Select role dropdown menu chose the role Attribute Definition Reader.
Select the Next button when it becomes available.
Choose the option Eligible for Assignment type.
Select Assign.

Next step choose Assign role

🚛Logistics Administration: A Step-by-Step Daily Workflow with Linux🚛

Ajayi Daniel — Wed, 24 Sep 2025 11:20:19 +0000

WHAT IS LINUS Linux is an operating system like Windows, but it’s free, customizable, and used everywhere—from your phone to Google’s servers

STEP 1 CREATE A FOLDER
mkdir logistics_admin
cd logistics_admin

STEP 2 CREATE A SUB FOLDER
mkdir invoices staff reports and type ls to list the directories

STEP 3 CREATE A FILES WITH TOUCH
touch invoices/invoice1.txt invoices/invoice2.txt
touch staff/staff1.txt staff/staff2.txt

STEP 4 ADD CONTENT TO THE FILE
Inside the editor: vim invoices/invoice1.txt
Invoice ID: INV001
Client: NNPC
Amount: 1200
Status: Pending
👉 Save & exit in vim: press Esc, type :wq, then hit Enter

STEP 5 ViEW CONTENT WITH CAT
cat invoices/invoice1.txt

cat staff/staff1.txt

STEP 6 COPY AND MOVE FILES
Copy an invoice into reports:
cp invoices/invoice1.txt reports/

Move a staff record into reports:
mv staff/staff2.txt reports/

CONCLUSION
This project demonstrates how basic Linux commands can be effectively applied to administrative tasks in a logistics department. By using simple tools such as mkdir, touch, vim, ls, cat, cp, mv, pwd, we created and managed invoices, staff logs, and daily reports in an organized structure. Each command served as a practical step in simulating real administrative duties, such as creating records, reviewing documents, searching for pending invoices, and generating reports.

The workflow shows that Linux is not only a powerful operating system for developers and system administrators but also a practical tool for logistics management and administration. With its simplicity, speed, and flexibility, Linux provides a reliable environment to improve efficiency, ensure accurate record-keeping, and streamline daily operations in the logistics sector.

Simplifying DNS Zone Creation and Configuration

Ajayi Daniel — Thu, 11 Sep 2025 13:04:14 +0000

A DNS Zone is basically a section of the Domain Name System (DNS) that contains information about a specific domain and how traffic for that domain should be routed.

It’s like a container that holds all the DNS records for a domain (or part of a domain), such as: A record → Maps a domain name (e.g., example.com) to an IP address.
CNAME record → Maps one domain name to another (e.g., www.example.com → example.com). MX record → Defines mail servers for email delivery.
TXT record → Stores text info, often for verification or security (like
SPF, DKIM).
STEP BY STEP GUIDE TO CONFIGURE AND CREATE DOMAIN NAME SYSTEM

STEP 1 On the Azure portal, search for and select Private DNS zones.
Select + Create and configure the DNS zone.

STEP 2 Create a virtual network link to your private DNS zone
In the portal, continue working on the private.contoso.com DNS zone.
In the DNS Management blade, select + Virtual network links.
Select + Add” and configure the virtual network link.

STEP 3 Create a DNS record set
In the portal, continue working on the private.contoso.com DNS zone.
In the DNS Management blade, select + Recordsets.
Notice that two A records have automatically been created for each of the virtual machines.
Select + Add and configure a record set. When finished select Add

Step-by-Step Guide to Network Routing Configuration

Ajayi Daniel — Thu, 11 Sep 2025 12:09:11 +0000

WHAT IS ROUTE TABLE: A Route Table is like a map used by a network to decide where data should travel. It contains a set of rules (called routes) that tell network traffic which path to take to reach its destination.
STEP BY STEP GUIDE TO CONFIGURE ROUTE TABLE
STEP 1 In the search box, enter Route tables. When Route table appears in the search results, select it, and in the Route table page, select + Create and create the route table.

STEP 2 Associate the route table to the subnets
n the portal, continue working with the route table, select app-vnet-firewall-rt.
In the Settings blade, select Subnets and then + Associate.
Configure an association to the frontend subnet, then select OK.

NEXT STEP FORWARD Configure an association to the backend subnet, then select OK.

STEP 3 Create a route in the route table
In the portal, continue working with the route table, select app-vnet-firewall-rt.
In the Settings blade, select Routes and then + Add.
Configure the route, then select Add.

Hands On with Azure Firewall Setup

Ajayi Daniel — Wed, 10 Sep 2025 13:29:44 +0000

What is Azure firewall An Azure Firewall is a cloud-based network security service provided by Microsoft Azure. It acts as a fully managed firewall that protects your cloud resources by controlling inbound (incoming) and outbound (outgoing) network traffic

STEP BY STEP GUIDE IN CREATING AZURE FIREWALL
STEP 1: In the search box at the top of the portal, enter Virtual networks. Select Virtual networks in the search results. Select app-vnet. Select Subnets. Select + Subnet.

STEP 2 Create an Azure Firewall
the search box at the top of the portal, enter Firewall. Select Firewall in the search results.
Select + Create.
Create a firewall by using the values in the following table. For any property that is not specified, use the default value.

CLICK ON CREATE
PROGRESSING FORWARD FILL ALL THE PROPERTY TO CREATE AN AZURE FIREWALL

Deployment in progress

STEP 3 Update the Firewall Policy
In the portal, search for and select Firewall Policies.
Select fw-policy in the Settings blade, select Application rules and then Add a rule collection.
Configure the application rule collection and then select Add

click on add rules collection

add rules for application

network rules

Practical Approach to Network Security Group Setup

Ajayi Daniel — Tue, 09 Sep 2025 14:43:24 +0000

WHAT IS NETWEORK SECURITY GROUP
A Network Security Group (NSG) is a security feature in cloud computing that acts like a virtual firewall. It controls inbound (incoming) and outbound (outgoing) traffic to and from cloud resources (like Virtual Machines, Subnets, or Databases)
This works by using rules that either allow or deny specific types of traffic based on factors like:
Source IP address Destination IP address Port number Protocol (TCP, UDP, etc.)
STEP BY STEP OF CREATING NETWORK SECURITY
STEP 1 CREATE A VIRTUAL MACHINE TOGETHER WITH NETWORK BY MAKING THE SUBNET TO BE FRONTEND AND THE AP-VNET AS A VIRTUAL NETWORK

NETWORKING IMAGE

VIRTUAL MACHINE 1 CREATED

CREATE ANOTHER VIRTUAL MACHINE TOGETHER WITH NETWORK BY MAKING THE SUBNET TO BE BACKEND AND THE AP-VNET AS A VIRTUAL NETWORK, CALLING IT VM2

NETWORKING SETTING FOR VM2

VIRTUAL MACHINE 2 CREATED

STEP 2 Create Application Security Group
WHAT IS APPLICATION SECURITY GROUP: An Application Security Group (ASG) is a cloud networking feature that helps simplify the management of network security rules by grouping virtual machines (VMs) or resources with similar functions, instead of applying rules to each resource individually

GO TO APPLICATION SECURITY GROUP ON AZURE PORTAL AND PRESS CREATE

NEXT STEP Associate the application security group to the network interface of the VM
In the Azure portal, search for and select VM1.
In the Networking blade, select Application security groups and then select Add application security groups.
Select the app-frontend-asg and then select Add.

STEP 3 Create and Associate the Network Security Group
IT IS NECESSARY TO CREATE NETWORK SECURITY GROUP BECAUSE IT HELP TO GIVE RULES TO APPLICATION SECURITY GROUP

NEXT MOVE Associate the NSG with the app-vnet backend subnet.

NSGs can be associated with subnets and/or individual network interfaces attached to Azure virtual machines.
Select Go to resource or navigate to the app-vnet-nsg resource.
In the Settings blade select Subnets.
Select + Associate
Select app-vnet (RG1) and then the Backend subnet. Select OK.

STEP 4 Create Network Security Group rules
An NSG use security rules to filter inbound and outbound network traffic.
In the search box at the top of the portal, enter Network security groups. Select Network security groups in the search results.
Select app-vnet-nsg from the list of network security groups.
In the Settings blade, select Inbound security rules.
Select + Add and configure an inbound security rule.

Source
Any
Source port ranges
*
Destination
Application security group
Destination application security groups
app-frontend-asg
No application security groups found
Service
SSH
Destination port ranges
22
Protocol
Any
TCP
UDP
ICMPv4
ICMPv6
Action
Allow
Deny
Priority
100
Name
AllowSSH

Getting Started with Virtual Network Setup

Ajayi Daniel — Mon, 08 Sep 2025 15:17:03 +0000

WHAT IS A VIRTUAL MACHINE: A Virtual Network (VNet) in cloud computing is a software-based version of a physical network that allows cloud resources (like virtual machines, databases, and applications) to securely communicate with each other, the internet, and on-premises networks

STEP BY STEP GUIDE IN SETTING UP A VIRTUAL MACHINE

STEP 1 : Search for and select Virtual Networks.

NEXT STEP YOU CLICK ON CREATE

FILL UP THE BASIC ON CREATE VIRTUAL NETWORK

FILL UP IP ADDRESSS

FILL UP THE SUBNET FOR FRONTEND

ADD ANOTHER SUBNET BACKEND

select “Review + create and then Create

STEP 2 CREATE THE HUB-VNET VIRTUAL NETWORK CONFIGURATION

CREATE A VIRTUAL NETWORK AND CLICK ON CREATE

FILL UP THE BASIC

FILL UP THE IP AND SUBNET

REVIEW AND CREATE

CLICK ON CREATE

STEP 3 Configure a peer relationship between the virtual networks

Search for and select the app-vnet virtual network.

CLICK IN THE APP- VNET AND SELECT PEERING

Add a peering between the two virtual networks

SUCCESFUL PEARING OF HUB TO APP VNET

HOW TO CREATE A KEYVAULT ON AZURE WITH CMD STEP BY STEP GUIDE

Ajayi Daniel — Sun, 07 Sep 2025 02:07:26 +0000

WHAT IS KEYVAULT
Azure Key Vault is a cloud service from Microsoft that helps you store and protect sensitive information like: Secrets (e.g., passwords, connection strings, API keys) Keys (e.g., encryption keys)
Certificates (e.g., SSL/TLS certificates) Instead of hardcoding secrets in your app or keeping them in plain text, you put them in Key Vault. Your app can then fetch them securely when needed.

STEP BY STEP GUIDE ON CMD
STEP 1 LONGIN INTO AZURE ON CMD WITH AZ LOGIN

click on the email registered on azure

NEXT STEP YOU WILL TYPE 1 TO LOG IN PERFECTLY DUE TO SUBSCRIPTION IS 1

TYPE 1

STEP 2 CREATE RESOURCEGROUP WITH THIS CODE = az group create --name myresourcegroup --location eastus

STEP 3 CREATE THE KEY VAULT WITH THIS CODE = az keyvault create --name mykeydaniel123 --resource-group myresourcegroup --location eastus

Purpose of using clI Instead of clicking around in the Azure Portal, you can script everything with CLI

STEP 4 ROLE ASSIGNMENT TO MAKE ABLE TO STORE THE KEY=az role assignment create --assignee 3095d940-46b7-4239-bfed-f46a193281c1 --role "Key Vault Secrets Officer"--scope "/subscriptions/fdf2e0bf-0c36-45cc-8ae5-2f2e84aa3dbe/resourceGroups/myresourcegroup/providers/Microsoft.KeyVault/vaults/mykeydaniel123"

This command is how you assign permissions in Azure when the Key Vault is using RBAC (Role-Based Access Control) instead of access policies.

STEP 5 STORE SECRET KEY WITH THIS CODE =az keyvault secret set --name mysecret --value "kolawole@123" --vault-name mykeydaniel123

Storing secret keys in Azure Key Vault through CMD is important because it keeps sensitive data (like passwords, API keys, and connection strings) safe, centralized, and encrypted. Instead of exposing secrets in code or config files, you use secure commands to store and retrieve them, ensuring better security, access control, and compliance.

STEP 6 RETRIEVE SECRET KEY VALUE MAKE USE OF THIS CODE =az keyvault secret show --vault-name mykeydaniel123 --name mysecret --query value -o tsv

Azure Key Vault lets you securely store and retrieve secrets like passwords or API keys using simple CLI commands. This ensures sensitive data stays protected, centralized, and easily managed without exposing it in your code.

STEP 7 USEFUL LISTING MAKE USE OF THIS CODE =az keyvault secret list --vault-name mykeydaniel123 -o table

HIGLIGHT OF THE EFFECT OF CREATING KEYVAULT ON CMD AND REFLECTING ON YOUR MAIN AZURE PORTAL

How to Store Secrets keys in Azure Key Vault

Ajayi Daniel — Fri, 05 Sep 2025 17:58:45 +0000

What is Azure Key Vault
Azure Key Vault is a secure cloud service for storing and managing secrets, keys, and certificates so apps don’t expose sensitive data

Azure Key Vault is that safe deposit box where the following are been stored
Passwords
API keys
Database connection strings
Encryption certificates
Therefore Only the apps or people you authorize can open it.

The benefit of Azure KeyVault

Security: Protects secrets with strong encryption.
Access Control: You control who/what can access the vault (via Azure Active Directory).
Central Management: All secrets in one place, no need to hard-code them into apps.
Automation: Apps can retrieve secrets directly when running, instead of developers copying them around.

STEP BY STEP IN CREATING AZURE KEY VAULT

STEP 1 Select Create a resource GROUP

Click on create

click on create

Step 2
In the Search services, search for and select Key Vault to find the Azure Key Vault service. The Key Vault pane appears.

You click on create

You impute all the necessary information

To enable purge if someone deletes a vault or object, Azure keeps it in a retention period (e.g., 90 days by default).

It cannot be purged during that period → you can recover it if deleted by mistake or by an attacKer

click on create

Deployment complete

After validation passes, select Create to create the Azure Key Vault.

After the deployment is complete, select Go to resource. Your Key vault pane appears.
The name of the key is dairy

Step 3 add a new secret to the vault.
In the left menu pane, under Objects, select Secrets. The Secrets pane appears for your key vault
In the top menu bar, select Generate/Import. The Create a secret pane appears.

Enter a name, value,

You Must add role to be able to keep A Key secret

Show the secrete key
verify that the secret value has been set
Select your secret from the list. The Versions pane appears for your secret.
Select the CURRENT VERSION of the secret. The Secret Version pane appears.
Select Show Secret Value to see the value assigned to the secret.

How To Configure Microsoft Defender for Cloud Enhanced Security Features for Servers

Ajayi Daniel — Tue, 26 Aug 2025 09:45:05 +0000

Microsoft Defender for Cloud is Microsoft’s cloud-native security platform that helps protect workloads across Azure, on-premises, and multi-cloud environments.
Core Capabilities
Workload Protection
Provides Defender plans for specific workloads:
Defender for Servers 🖥️
Defender for SQL Databases 💾
Defender for Storage 📦
Defender for Key Vault 🔑
Defender for Containers
Defender for App Services, API Management, etc.
Threat Detection & Alerts
Detects real-time threats using built-in threat intelligence and machine learning.
Raises security alerts for suspicious activity (malware, brute-force attacks, anomalous logins, etc.).

Step By Step to configure Microsoft Defender for Cloud Enhanced Security Features for Servers

Step 1: Enable Microsoft Defender for Servers
Sign in to the Azure Portal → Go to Microsoft Defender for Cloud.

Step 2: In the Management section, select Environment settings.
Choose the subscription or management group where you want to enable enhanced security.

step 3 select Environment settings.
Choose the subscription or management group where you want to enable enhanced security.

Step 4 In the Settings blade, under Defender plans, expand Cloud Workload Protection (CWP).
From the Cloud Workload Protection (CWP) Plan list, select Servers. On the right side of the page, change the Status from Off to On, then click Save.

step 5 change the Status from Off to On, then click Save.

Step 6 To review the details of Microsoft Defender for Servers Plan 2, select Change plan