Let me immediately start off by admitting a bias – I have almost exclusively used Azure as my Public-Cloud-of-Choice for nearly 5 years at this point. I have the utmost respect for AWS, and believe it is a solid offering, but I simply don’t know much about it.

But here’s the thing. From what I can tell, most newcomers to network automation are similarly new to code, and thus, new to software design and architecture.

So I’m not here to discuss whether or not you should go for AWS or Azure, but rather just point out that the cloud NEEDS to be on your road map if you’re at all serious about developing sophisticated automated solutions.

Our upcoming course at CBT Nuggets is, to the surprise of no one who follows me on social media, the Cisco DevNet Professional – Core (DEVCOR) course, and I truly believe this is the best content that we have ever uploaded. By the end of that course and upon certification, learners will be validated in understanding what it means to develop an actual application, even if that application only interacts with network devices. This includes service-oriented application architectures, and creating and validating a CI/CD pipeline (my skill on CI/CD uses an Ansible Playbook to create Loopback addresses, unit tests to verify OSPF neighbors were not impacted, and combines Jenkins and GitHub in order to perform the tests and production delivery).

To me, the knowledge gained in DEVCOR falls short if someone does not pursue either the AZ-204 Azure Developer studies or AWS Developer studies. I briefly hint at the power, simplicity, and affordability of the cloud throughout my DEVCOR content, and even demo it when it comes to securing passwords. Here is how to deploy an Azure Key Vault, and then use the Python Azure SDK to store and retrieve secrets from the vault.

```powershell
# Create the Resource Group
New-AzResourceGroup -Name KeyVaultRG -Location EastUS
# Create the Key Vault
New-AzKeyVault -Name 'My-Data-Vault' -ResourceGroupName 'KeyVaultRG' -Location 'East US'
# Give a User Permission to use the Vault
Set-AzKeyVaultAccessPolicy -VaultName 'My-Data-Vault' -UserPrincipalName 'knox@knoxsdata.com' -PermissionsToSecrets get,set,delete
```

Now the Python code for your app. Install the Python libraries for authenticating to Azure (azure-identity) and for working with Key Vault (azure-keyvault-secrets).

```bat
pip install azure-identity
pip install azure-keyvault-secrets
REM Create an Env Variable with your Key Vault Name (Windows Command Prompt syntax)
set KEY_VAULT_NAME=My-Data-Vault
```

Then write the code:

```python
import os
from getpass import getpass

from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

# Fail fast with a KeyError if the environment variable is not set
kv_name = os.environ["KEY_VAULT_NAME"]
kv_Url = f"https://{kv_name}.vault.azure.net"

# DefaultAzureCredential tries environment, managed identity and developer logins in turn
credential = DefaultAzureCredential()
client = SecretClient(vault_url=kv_Url, credential=credential)

# Create a secret to put in your Key Vault
# Note it works like a key:value pair
secretName = input("Input a name for your secret > ")
# getpass keeps the secret value from being echoed to the terminal
secretValue = getpass("Input a value for your secret > ")

client.set_secret(secretName, secretValue)

# Now get the secret from the key vault; the value is in retrieved_secret.value
retrieved_secret = client.get_secret(secretName)
```

So now we have a way to secure our credentials in the Azure cloud. Access to it is only allowed upon authentication and authorization by Azure Active Directory, it’s pretty much always available, and the kicker is the cost – $0.03/10,000 transactions.

There’s really no excuse for not securing your secrets at this point.
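For an automation script that only reads credentials at runtime, the sketch below (an added example, not code from the course) validates `KEY_VAULT_NAME` before it becomes part of a URL and wraps the retrieved value so it cannot leak through `repr()` or log lines. The names `Secret`, `vault_url`, `make_client`, `fetch_secret` and `FakeClient` are hypothetical, and `FakeClient` is a constructed stand-in so the example runs offline.

```python
import os
import re

# Key Vault naming rules: 3-24 chars, letters/digits/hyphens, starts with a
# letter, ends with a letter or digit, no consecutive hyphens.
_VAULT_NAME = re.compile(r"(?!.*--)[A-Za-z][A-Za-z0-9-]{1,22}[A-Za-z0-9]")


class Secret:
    """Holds a secret value while keeping it out of repr() and log output."""

    def __init__(self, name, value):
        self.name = name
        self._value = value

    def reveal(self):
        return self._value

    def __repr__(self):
        return f"Secret(name={self.name!r}, value=<redacted>)"


def vault_url(env=os.environ):
    """Build the vault URL, rejecting anything that is not a plain vault name."""
    name = env.get("KEY_VAULT_NAME", "")
    if not _VAULT_NAME.fullmatch(name):
        raise ValueError("KEY_VAULT_NAME is missing or not a valid Key Vault name")
    return f"https://{name}.vault.azure.net"


def make_client(env=os.environ):
    """Create the real SDK client; imported lazily so the rest runs without Azure."""
    from azure.identity import DefaultAzureCredential
    from azure.keyvault.secrets import SecretClient
    return SecretClient(vault_url=vault_url(env), credential=DefaultAzureCredential())


def fetch_secret(client, name):
    """Read one secret (needs only the 'get' permission) and wrap its value."""
    return Secret(name, client.get_secret(name).value)


class FakeClient:
    """Constructed stand-in for SecretClient, used here instead of a live vault."""

    def __init__(self, store):
        self._store = store

    def get_secret(self, name):
        return type("KeyVaultSecret", (), {"value": self._store[name]})()
```

In a real run, pass `make_client()` to `fetch_secret`; an identity that only reads secrets needs `get` alone in `-PermissionsToSecrets`, not `set` or `delete`.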

As learners progress through DEVCOR, they will learn how to break down a monolithic, gigantic application into smaller pieces that all communicate with each other. The entire point of the cloud is to host each of these services on dedicated offerings.