Merge pull request #258051 from TerryLanfear/sec-231107

Court72 · web-flow · commit 591cca12a24c · 2023-11-13T10:40:07.000-07:00
new secrets best practices
diff --git a/articles/security/fundamentals/TOC.yml b/articles/security/fundamentals/TOC.yml
@@ -137,6 +137,8 @@
 
 - name: Data security, encryption, and storage
   items: 
+  - name: Best practices for protecting secrets
+    href: secrets-best-practices.md
   - name: Data security and encryption
     href: encryption-overview.md
   - name: Key management in Azure
diff --git a/articles/security/fundamentals/best-practices-and-patterns.md b/articles/security/fundamentals/best-practices-and-patterns.md
@@ -1,27 +1,31 @@
 ---
 title: Security best practices and patterns - Microsoft Azure | Microsoft Docs
 description: This article links you to security best practices and patterns for different Azure resources.
-services: security
+services: azure-security
 documentationcenter: na
 author: TerryLanfear
 manager: rkarlin
 
 ms.assetid: 1cbbf8dc-ea94-4a7e-8fa0-c2cb198956c5
 ms.service: security
 ms.subservice: security-fundamentals
+ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 08/29/2023
+ms.date: 11/13/2023
 ms.author: terrylan
 
 ---
 # Azure security best practices and patterns
 
-The articles below contain security best practices to use when you're designing, deploying, and managing your cloud solutions by using Azure. These best practices come from our experience with Azure security and the experiences of customers like you.
+This article contains security best practices to use when you're designing, deploying, and managing your cloud solutions by using Azure. These best practices come from our experience with Azure security and the experiences of customers like you.
 
-The best practices are intended to be a resource for IT pros. This might include designers, architects, developers, and testers who build and deploy secure Azure solutions.
+## Best practices
 
+These best practices are intended to be a resource for IT pros. This might include designers, architects, developers, and testers who build and deploy secure Azure solutions.
+
+* [Best practices for protecting secrets](secrets-best-practices.md)
 * [Azure database security best practices](/azure/azure-sql/database/security-best-practice)
 * [Azure data security and encryption best practices](data-encryption-best-practices.md)
 * [Azure identity management and access control security best practices](identity-management-best-practices.md)
diff --git a/articles/security/fundamentals/secrets-best-practices.md b/articles/security/fundamentals/secrets-best-practices.md
@@ -0,0 +1,36 @@
+---
+title: Best practices for protecting secrets - Microsoft Azure | Microsoft Docs
+description: This article links you to security best practices for protecting secrets.
+services: security
+documentationcenter: na
+author: TerryLanfear
+manager: rkarlin
+
+ms.assetid: 1cbbf8dc-ea94-4a7e-8fa0-c2cb198956c5
+ms.service: security
+ms.subservice: security-fundamentals
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 11/09/2023
+ms.author: terrylan
+
+---
+# Best practices for protecting secrets
+This article provides guidance on protecting secrets. Follow this guidance to help ensure you do not log sensitive information, such as credentials, into GitHub repositories or continuous integration/continuous deployment (CI/CD) pipelines.
+
+## Best practices
+
+These best practices are intended to be a resource for IT pros. This might include designers, architects, developers, and testers who build and deploy secure Azure solutions.
+
+- Azure Stack Hub: [Rotate secrets](/azure-stack/operator/azure-stack-rotate-secrets)
+- Azure Key Vault: [Centralize storage of application secrets](../../key-vault/general/overview.md)
+- Azure Communications Service: [Create and manage access tokens](../../communication-services/quickstarts/identity/access-tokens.md)
+- Azure Service Bus: [Authenticate and authorize an application with Microsoft Entra ID to access Azure Service Bus entities](../../service-bus-messaging/authenticate-application.md)
+- Azure App Service: [Learn to configure common settings for an App Service application](../../app-service/configure-common.md)
+
+## Next steps
+
+Minimizing security risk is a shared responsibility. You need to be proactive in taking steps to secure your workloads. [Learn more about shared responsibility in the cloud](shared-responsibility.md).
+
+See [Azure security best practices and patterns](best-practices-and-patterns.md) for more security best practices to use when you're designing, deploying, and managing your cloud solutions by using Azure.
diff --git a/articles/security/journey/TOC.yml b/articles/security/journey/TOC.yml
@@ -169,6 +169,8 @@
 
   - name: Data security, encryption, and storage
     items:
+    - name: Best practices for protecting secrets
+      href: ../fundamentals/secrets-best-practices.md?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json
     - name: Azure Certificate Authority details
       href: ../fundamentals/azure-CA-details.md?toc=/azure/security/journey/toc.json&bc=/azure/security/breadcrumb/toc.json
     - name: Data security and encryption
