Website design

Deploy VM instance with GCP and Terraform

You are probably wondering how this website is built and where it is hosted. Maybe you have already found out the answer to the first question. This website is powered by Ghost. Ghost is a free and open source blogging platform. They have 2 versions, one managed and one self-hosted. I opted for the self-hosted solution since I usually like to deep dive into IT related projects. Also I wanted to learn how to deploy a blogging website to a self-hosted platform. My blog represents my company AJTech Consulting. This blog is hosted on Google Cloud Platform (GCP) and deployed via Terraform (which is an Infrastructure as Code tool) into Docker containers: a container running the Ghost engine, one running the MySQL database and a container running the reverse proxy with Traefik. A reverse proxy is a server that accepts a request from a client and then forwards the request to another server. So basically it sits in front of backend applications. To keep the containers up-to-date and receive important updates I regularly run a script on the Linux VM. ...

August 22, 2023 · 6 min · Arash Jalalat

Azure Workload identity federation with GitHub Actions and user-managed identity

Usually when running a software workload (e.g. script or container-based applications) an identity is involved for authentication and access to resources. A software workload running inside Microsoft Azure can use a Service Principal or (User)-Managed Identity. However, when running a software workload outside Azure, most of the time we have to use credentials (like secrets or certificates) in order to access Azure AD protected resources such as Azure Key Vault or Azure Storage. This can pose a risk since secrets need to be stored somewhere and regularly rotated to improve security. ...

July 17, 2023 · 5 min · Arash Jalalat

How to protect and discover secrets with Gitleaks?

Detecting and discovering secrets or (hardcoded) passwords in a code repository should be an ongoing process for everyone involved in code development. But this process should not take up all our time, so that we have more time to contribute to good code quality. Fortunately, nowadays there are various tools that help us to automatically check that no sensitive data is present. Secrets, such as API keys and passwords, are a well-known example of this. Continue reading on how you can easily do this in your local dev environment with Gitleaks. ...

June 18, 2023 · 3 min · Arash Jalalat

Use (User)-managed identity with Azure Identity library to connect to Azure DevOps

With the service principal & managed identity support recently introduced in Azure DevOps by Microsoft, it is now possible to replace the less secure Personal Access Token (PAT) to connect to Azure DevOps resources. These resources, such as Work Items, Pipelines and Repositories, can be accessed via the Azure DevOps API and are used by many automated processes. An example could be to use an Azure Function app. In this article I want to show how you can connect to Azure DevOps with a user managed identity with the use of the Azure Identity library. This library is recommended if you intend to work or are already working with a C# codebase. The user managed identity is an Azure resource which can be easily managed in Azure. ...

May 12, 2023 · 3 min · Arash Jalalat

Use ChatGPT UI with your own API key

ChatGPT has become increasingly popular in recent months. At the time of writing, version 3.5 is in active use by the public and the even more advanced version 4 is being integrated by large companies such as Microsoft. Compared to ChatGPT-3.5 the latest version is able to process a much larger input, up to 25.000 words and makes fewer mistakes called ‘hallucinations’. The most convenient way to get started with ChatGPT is to register as a new user on the OpenAI website for free. However, a major drawback is the lack of performance when using the official ChatGPT UI platform with the free account. That’s a pity, because the strength of ChatGPT is the speed of generating a response. There are several options to take advantage of the high speed. You can either subscribe to ChatGPT and use a paid plan for $24 p/m or you can get started yourself by using an API key in combination with a self-hosted, open source, user interface. ...

April 9, 2023 · 3 min · Arash Jalalat

How to secure passwords with gopass on multiple devices?

When we work with data we can secure it in different ways. For my own project where I often use scripts on Linux machines, I figured out how to keep passwords safe. I used gopass. This is an open source UNIX password manager that uses gpg and version control with git. This means that passwords are encrypted and decrypted with gpg while keeping all the changes in a Git repository. This makes it very flexible, because a git clone can always be made in case a new machine needs to be set up or if several devices want to use the password manager. If you are comfortable with the command-line interface keep reading, because we are going to execute multiple commands! I’m going to demonstrate these commands on a Linux (Debian OS) machine, but feel free to use another system. ...

March 18, 2023 · 5 min · Arash Jalalat

Automated API tests with Postman CLI

On a project I was working on, I recently researched how to apply Postman CLI to an Azure DevOps pipeline. Postman is a powerful tool to run both manual tests and ultimately to have these tests performed automatically. For the automated tests I have actually always used Newman until now, but recently I also used Postman CLI. I believe that Postman CLI setup is easier. I assume that you have a basic understanding of Postman. ...

March 12, 2023 · 3 min · Arash Jalalat