Using your Belgian eID or any other smartcard to securely deploy Windows Azure Cloud Services

Just like most people I love how easy it is to work with the Windows Azure platform. You download a publish settings file, import it in Visual Studio and now you have access to the complete subscription. Besides that you can use it in the PowerShell Cmdlets, in the azure-cli, use it in combination with the Service Management API… But what happens when other people get a hold of your publish settings file? Do you realize they can access all your data? That they can connect to your Cloud Services using Remote Desktop and get a hold of your code? That they can stop Virtual Machines and download the disks? … Now before reading the rest of this post, I suggest you go to the Windows Azure portal, to the Settings menu and finally the Management Certificates tab. How many certificates do you see? 10? 20? 100? Most of these certificates come from a publish settings file (which is just an XML file that contains your subscriptions and a certificate). For each certificate you see there, do you know who has access to them? Oh and while we’re at it, do you know how secure these publish settings file are exactly? Well, … they’re not. If someone steals your USB-stick, your laptop or any other device holding your publish settings file then I suggest you quickly remove those certificates from the portal.