**Tags:** #AllOps #StyleGuide #Engineering
> [!info]
> This guidance is intended for Decombine Engineering internal use. It is openly shared as part of Decombine's commitment to open core practices.
## Identify opportunities to assist in standardization
Standardization is key to our ability to onboard and iterate quickly. If you identify an opportunity to help establish a standardized baseline, particularly through programmatic capabilities (for example, including a tool in Chocolatey), please make the suggestion.
## Use Managed Identities whenever possible
Azure Managed Service Identities (MSI) and User Assigned Identities should be used whenever possible. MSIs reduce our risk footprint by removing the need to manually handle service principal secrets and their rotation, both of which are instead handled automatically by the service.
## Use built-in roles for RBAC
Identify and use built-in roles that are appropriate to the application's requirements. The roles can be assigned to the respective MSI ID.
## Use recommended naming for resources
Recommended resource abbreviations should be used to simplify development. Recommendations can be found here: [Abbreviation examples for Azure resources](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
## Application Configuration Values
Application Configuration values are distributed through the App Configuration Store (appcs). Services should use a dedicated appcs or a regional appcs. The global appcs should not be used for end-user services, but instead for backend infrastructure and operations.
## Secret Management
Secret values are distributed through Key Vaults (kv).
Each application should store its values in a dedicated kv or a regional kv. A global kv is available for global values consumable across the organization, but it is limited by policies appropriate to the consuming application.
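
The managed identity, built-in role, naming and Key Vault guidance above can be combined in one template. The following Bicep is an added example, not Decombine's own code: the `workload` and `env` parameters and the resulting resource names are hypothetical, and it assumes a resource-group-scoped deployment by a principal allowed to create role assignments.

```bicep
// Added example; parameter values and resource names are hypothetical.
@description('Workload name used in resource names (hypothetical).')
param workload string = 'orders'

@description('Environment suffix used in resource names (hypothetical).')
param env string = 'dev'

param location string = resourceGroup().location

// Built-in role "Key Vault Secrets User": read secret contents, nothing else.
var kvSecretsUserRoleId = '4633458b-17de-408a-b874-0445c86b69e6'

// User-assigned managed identity ("id" abbreviation). There is no client
// secret to store or rotate; the platform issues its tokens.
resource appIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: 'id-${workload}-${env}'
  location: location
}

// Dedicated Key Vault ("kv" abbreviation) authorised through Azure RBAC
// rather than vault access policies. Vault names must be globally unique.
resource vault 'Microsoft.KeyVault/vaults@2023-07-01' = {
  name: 'kv-${workload}-${env}'
  location: location
  properties: {
    tenantId: subscription().tenantId
    sku: {
      family: 'A'
      name: 'standard'
    }
    enableRbacAuthorization: true
  }
}

// Assign the built-in role to the identity, scoped to this one vault.
resource secretsReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(vault.id, appIdentity.id, kvSecretsUserRoleId)
  scope: vault
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', kvSecretsUserRoleId)
    principalId: appIdentity.properties.principalId
    principalType: 'ServicePrincipal' // managed identities are service principals
  }
}
```

Scoping the assignment to the vault, rather than the resource group or subscription, keeps the identity's read access limited to the application's own secrets.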