
Welcome to Tech Talk Tavern
Your source for DevSecOps, Git, GitHub & IaC insights
- Configure Git to Sign All Your Commits with GPG (Step‑by‑Step)
  by Saleh Elnagar
  Signing your commits proves they came from you and haven’t been altered. Many teams now require signed commits to protect their supply chain. In this guide you’ll generate a GPG key, configure Git to sign every commit and tag, upload your public key to GitHub/GitLab/Bitbucket and fix common errors. TL;DR (copy–paste quick start). Why Sign Commits? Prerequisites. 1) Install GPG: Install GPG using your platform’s package manager. Here are commands for common… Read more: Configure Git to Sign All Your Commits with GPG (Step‑by‑Step)
- Automated Documentation Generation for Terraform Modules with terraform-docs
  by Saleh Elnagar
  Ensuring our Terraform modules are well-documented is a key part of our development process. But, let’s be honest, keeping docs up-to-date is a tedious task! Luckily, there’s an efficient tool out there that makes the process simpler and quicker: terraform-docs! terraform-docs is an open-source, cross-platform tool that can automatically generate comprehensive documentation for your Terraform modules. Sounds great, right? The most exciting part is that it can generate your docs in multiple formats, including Markdown, JSON, XML, YAML, or pretty text format!… Read more: Automated Documentation Generation for Terraform Modules with terraform-docs
- Building a Production-Ready Azure VM Terraform Module
  by Saleh Elnagar
  When I sit down to craft a Terraform module, I ask myself how future me—and the teams inheriting my code—will reason about every decision. I remind myself to start with clarity, keep security opinionated but flexible, and prove the workflow end to end before anyone else runs terraform apply. I literally keep a checklist on my desk that asks, “Have I explained why this variable exists? Have I enforced the right guardrails? Have I shown someone how to run this without me?”… Read more: Building a Production-Ready Azure VM Terraform Module
- Turning an Ingress Migration into a Security Upgrade (NGINX → Azure Application Gateway/AGIC)
  by Saleh Elnagar
  Ingress migrations aren’t just networking—they’re chances to raise the security bar without slowing delivery. Here’s the playbook that worked for us moving from NGINX Ingress to Azure Application Gateway (AGIC), with Azure Front Door at the outer edge. 1) Mirror before you move: List exactly what your current edge does: TLS versions, HSTS, CORS allowlist, request/body size limits, header rewrites, timeouts, path normalization. If you can’t name it, you can’t keep it. 2) Place controls where they fit best. 3) Make security headers… Read more: Turning an Ingress Migration into a Security Upgrade (NGINX → Azure Application Gateway/AGIC)
- Configure Git to Sign All Your Commits with GPG (Step-by-Step)
  by Saleh Elnagar
  Signing your commits proves they came from you and haven’t been altered. Many organizations require signed commits to protect their supply chain. This step-by-step guide walks you through generating a GPG signing key, configuring Git to sign every commit and tag, uploading your public key to popular Git hosting services (GitHub, GitLab, Bitbucket), and troubleshooting common errors. TL;DR (Quick Start). Why Sign Commits? Prerequisites. 1) Install GPG: macOS. On macOS, install GnuPG and the graphical pinentry program with Homebrew, then configure GPG… Read more: Configure Git to Sign All Your Commits with GPG (Step-by-Step)
- Terraform Journey – Think as a DevOps Engineer
  by Saleh Elnagar
  You know, when I first started using Terraform and Infrastructure as Code, I honestly didn’t realize how crucial static code analysis could be. At the time, I was more focused on just getting things deployed quickly and keeping costs down. But as our infrastructure got bigger, I started noticing all sorts of weird issues—misconfigured resources, risky security settings, and things that just felt “off.” That’s when I learned the hard way that waiting until the last moment to catch these problems can… Read more: Terraform Journey – Think as a DevOps Engineer
- Azure DevOps Artifacts: End-to-End Patterns and Use Cases
  by Saleh Elnagar
  Master Azure Artifacts packaging, retention, and governance to empower hybrid DevSecOps teams shipping from monorepos, microservices, and data science workloads. Why Azure Artifacts Matters: Azure Artifacts provides a first-party, enterprise-grade package management service within the Azure DevOps ecosystem. It supports multi-format feeds (NuGet, npm, Maven, PyPI, Universal Packages) with integrated build automation, permissions, and compliance tooling. By consolidating storage, provenance, and policy, Artifacts helps: Core Concepts (Concept / Description / Security Considerations): Feed: Logical collection of packages, scoped to an Azure DevOps project or… Read more: Azure DevOps Artifacts: End-to-End Patterns and Use Cases
- DevOps as the Decision Backbone for Azure VWAN Enterprise Fabric
  by Saleh Elnagar
  In global enterprises, the Azure Virtual WAN (VWAN) enterprise fabric is no longer a purely network-engineering effort. The DevOps engineer has become the connective tissue that translates intent into approved designs, reproducible infrastructure, and validated operations. This article dives deep into why their contributions inside design sessions are vital, and how a single DevOps leader can anchor decision velocity when Microsoft Azure networking is the only platform in scope. What Makes an Azure VWAN Enterprise Fabric? Azure Virtual WAN is Microsoft’s cloud-native… Read more: DevOps as the Decision Backbone for Azure VWAN Enterprise Fabric
- Designing Reusable DevSecOps Workflows in GitHub Actions
  by Saleh Elnagar
  Reusable workflows enable security platform teams to codify guardrails once and roll them out to every repository. This article walks through building a multi-stage pipeline where security controls move as code, not documentation. Architectural Pattern: Producer Repo hosts versioned reusable workflows (.github/workflows/*.yml) that encapsulate validation, testing, and deployment steps with security baked in. Consumer Repos call the reusable workflows via uses: org/security-workflows/.github/workflows/sast.yml@v2; inputs/outputs expose just enough flexibility for app teams. Central Policy: organization rules enforce pinned SHAs, protected branches, and required checks so… Read more: Designing Reusable DevSecOps Workflows in GitHub Actions
- The Ultimate Ansible Guide
  by Saleh Elnagar
  A practical reference from first contact to writing your own modules. Table of Contents: What Ansible Is and How It Thinks (Ansible is; Key properties; A mental model); Ansible Architecture (At a high level; Key components); Installing and Setting Up Ansible: On Linux, most common, or from your package manager (versions may lag); On macOS, using Homebrew, or via pip in a virtualenv (same as Linux); On Windows, typical options: direct native support on Windows as a control node is not the… Read more: The Ultimate Ansible Guide
- Automating SAST with GitHub Actions and CodeQL
  by Saleh Elnagar
  Why CodeQL Belongs in Your DevSecOps Pipeline: Static analysis is most effective when it runs where developers work. GitHub Actions provides native integration with CodeQL, enabling you to: Reference Workflow: The workflow below scans supported languages on a nightly cadence and for every pull request targeting main. It stores the CodeQL database as an artifact for deeper triage when needed. Pushing Quality Findings to the Right Teams: GitHub converts CodeQL alerts into code scanning findings. Tighten the feedback loop by: Tip: Leverage GitHub’s autofix beta for… Read more: Automating SAST with GitHub Actions and CodeQL
- Managing Tokens and Keys in Terraform: Best Practices
  by Saleh Elnagar
  It’s all about Infrastructure as Code and how we manage and provision our cloud resources, and tools like Terraform have become central to these processes. Here, we delve into the best practices for using Terraform with providers that require tokens or keys. Managing Keys and Tokens in Terraform: Terraform relies on providers to interface with different cloud services. These providers often need tokens or keys for authentication. However, handling these tokens and keys in a secure manner is crucial. Let’s explore how.… Read more: Managing Tokens and Keys in Terraform: Best Practices
- Do I memorize all the Kubernetes short names?
  by Saleh Elnagar
  Not a chance. I outsource that memory to kubectl and keep my brain for coffee orders and incident timelines. ☕🚀 Here’s how I look clever without memorizing a phone book of resources: 1) See every resource + its short name. This shows NAME, SHORTNAMES, APIGROUP, NAMESPACED, KIND. 2) When you remember the full name and want the short name. 3) When you remember only the short name and want the full name. 4) Sanity‑check the type (short names work here too). 5)… Read more: Do I memorize all the Kubernetes short names?
- Creating Custom Images and Pushing to Azure Compute Gallery with HashiCorp Packer
  by Saleh Elnagar
  Today, I’d like to share a practical example of working with HashiCorp Packer. This amazing open-source tool is used for creating identical machine images for multiple platforms from a single source configuration. In this case, we will focus on creating a custom image and pushing it to the Azure Compute Gallery. Let’s get started! Step 1: Install Packer and Azure CLI. To begin, you’ll need to install both Packer and Azure CLI on your machine. You can follow the respective official guides… Read more: Creating Custom Images and Pushing to Azure Compute Gallery with HashiCorp Packer
- Introduction to DevSecOps
  by Saleh Elnagar
  DevSecOps stands for Development, Security, and Operations. It is an evolution of the DevOps practice that integrates security practices throughout the software development lifecycle instead of treating security as an afterthought. In traditional software development, security reviews and testing often occur late in the release process. This approach can lead to vulnerabilities being discovered just before deployment, causing delays and costly rework. In a DevSecOps approach, security is embedded into each phase of the pipeline – from planning and coding to building,… Read more: Introduction to DevSecOps
- Introduction to GitHub
  by Saleh Elnagar
  GitHub is a web-based hosting service for Git repositories that provides tools for collaboration, code review, and project management. It builds on Git by offering a central place to store and manage repositories, making it easy for teams to contribute from anywhere. What is GitHub? GitHub is more than just a hosting service for Git repositories. It provides a collaborative platform where developers can store and track code, review changes, and manage projects in a centralized environment. Every repository on GitHub preserves… Read more: Introduction to GitHub
- Introduction to Git
  by Saleh Elnagar
  Git is a distributed version control system that allows developers to track changes in source code while collaborating with others. It records every change made to a project, enabling you to explore previous versions and revert when necessary. Getting started with Git involves a few basic commands: These commands form the foundation for using Git effectively. As you become more comfortable, you can explore advanced features like branching, merging, and tagging to support collaborative workflows and release management. Configuring Git and Getting… Read more: Introduction to Git