Ensuring our Terraform modules are well-documented is a key part of our development process. But, let’s be honest, keeping docs up-to-date is a tedious task! Luckily, there’s an efficient tool out there that makes the process simpler and quicker – terraform-docs! Terraform-docs is an open-source, cross-platform tool, that can automatically generate comprehensive documentation for your […]
When I sit down to craft a Terraform module, I ask myself how future me—and the teams inheriting my code—will reason about every decision. I remind myself to start with clarity, keep security opinionated but flexible, and prove the workflow end to end before anyone else runs terraform apply. I literally keep a checklist on
Ingress migrations aren’t just networking—they’re chances to raise the security bar without slowing delivery. Here’s the playbook that worked for us moving from NGINX Ingress to Azure Application Gateway (AGIC), with Azure Front Door at the outer edge. 1) Mirror before you moveList exactly what your current edge does: TLS versions, HSTS, CORS allowlist, request/body
Signing your commits proves they came from you and haven’t been altered. Many organizations require signed commits to protect their supply chain. This step-by-step guide walks you through generating a GPG signing key, configuring Git to sign every commit and tag, uploading your public key to popular Git hosting services (GitHub, GitLab, Bitbucket), and troubleshooting
You know, when I first started using Terraform and Infrastructure as Code, I honestly didn’t realize how crucial static code analysis could be. At the time, I was more focused on just getting things deployed quickly and keeping costs down. But as our infrastructure got bigger, I started noticing all sorts of weird issues—misconfigured resources,
Master Azure Artifacts packaging, retention, and governance to empower hybrid DevSecOps teams shipping from monorepos, microservices, and data science workloads. Why Azure Artifacts Matters Azure Artifacts provides a first-party, enterprise-grade package management service within the Azure DevOps ecosystem. It supports multi-format feeds (NuGet, npm, Maven, PyPI, Universal Packages) with integrated build automation, permissions, and compliance
In global enterprises, the Azure Virtual WAN (VWAN) enterprise fabric is no longer a purely network-engineering effort. The DevOps engineer has become the connective tissue that translates intent into approved designs, reproducible infrastructure, and validated operations. This article dives deep into why their contributions inside design sessions are vital, and how a single DevOps leader
A practical reference from first contact to writing your own modules Table of Contents What Ansible Is and How It Thinks Ansible is: Key properties: A mental model: Ansible Architecture At a high level: Key components: Installing and Setting Up Ansible On Linux Most common: Or from your package manager (versions may lag): On macOS
Why CodeQL Belongs in Your DevSecOps Pipeline Static analysis is most effective when it runs where developers work. GitHub Actions provides native integration with CodeQL, enabling you to: Reference Workflow The workflow below scans supported languages on a nightly cadence and for every pull request targeting main. It stores the CodeQL database as an artifact for
It’s all about Infrastructure as Code and how we manage and provision our cloud resources, and tools like Terraform have become central to these processes. Here, we delve into the best practices for using Terraform with providers that require tokens or keys. Managing Keys and Tokens in Terraform Terraform relies on providers to interface with