ADO Terraform Azure

Smooth Sailing with DevOps: Deploying Azure Storage Account using Terraform and Azure YAML Pipelines

Introduction. Hi 👋 my fellow tech enthusiasts. As a DevOps Engineer, I often find myself navigating the complex waters of IT challenges both at work and during my free time. Today, I want to share a recent journey into the world of DevOps where we’ll be deploying an Azure Storage Account using Terraform and Azure YAML Pipelines. So, grab your virtual life vests, and let’s embark on this adventure. Why Terraform and Azure YAML Pipelines? Terraform, an Infrastructure as Code (IaC) tool, is a powerful choice for provisioning and managing cloud resources. When combined with Azure DevOps YAML Pipelines, it becomes an even more powerful force for automating deployments, ensuring consistency, and facilitating collaboration within your DevOps team. ...

October 29, 2023 · 4 min · Arash Jalalat

Azure Workload identity federation with Azure DevOps

About 2 months ago I wrote a blog post about workload identity federation with GitHub Actions. When an application needs to access cloud-based resources, authentication and authorization have to be considered. With workload identity federation, there is no need to use any keys or secrets. For example, Google Cloud Platform and Microsoft Azure both provide this great feature. And now this feature has also been released for Azure DevOps! This means that organizations can now use it to provide an even more secure way to connect to Azure from Azure DevOps, or rather Azure Pipelines, via a Service Connection. ...

October 1, 2023 · 6 min · Arash Jalalat
Website design

Deploy VM instance with GCP and Terraform

You are probably wondering how this website is built and where it is hosted. Maybe you have already found out the answer to the first question. This website is powered by Ghost. Ghost is a free and open source blogging platform. They have 2 versions, one managed and one self-hosted. I opted for the self-hosted solution since I usually like to deep dive into IT-related projects. I also wanted to learn how to deploy a blogging website to a self-hosted platform. My blog represents my company AJTech Consulting. This blog is hosted on Google Cloud Platform (GCP) and deployed via Terraform (which is an Infrastructure as Code tool) into Docker containers: a container running the Ghost engine, one running the MySQL database, and a container running the reverse proxy with Traefik. A reverse proxy is a server that accepts a request from a client and then forwards the request to another server. So basically it sits in front of backend applications. To keep the containers up-to-date and receive important updates, I regularly run a script on the Linux VM. ...

August 22, 2023 · 6 min · Arash Jalalat

Azure Workload identity federation with GitHub Actions and user-managed identity

Usually, when running a software workload (e.g. a script or container-based application), an identity is involved to authenticate and access resources. A software workload running inside Microsoft Azure can use a Service Principal or (User)-Managed Identity. However, when running a software workload outside Azure, most of the time we have to use credentials (like secrets or certificates) in order to access Azure AD-protected resources such as Azure Key Vault or Azure Storage. This can pose a risk, since secrets need to be stored somewhere and regularly rotated to improve security. ...

July 17, 2023 · 5 min · Arash Jalalat

How to protect and discover secrets with Gitleaks?

Detecting and discovering secrets or (hardcoded) passwords in a code repository should be an ongoing process for everyone involved in code development. But this process should not take up all our time, so that we have more time left to contribute to good code quality. Fortunately, there are now various tools that help us automatically check that no sensitive data is present. Secrets, such as API keys and passwords, are a well-known example of this. Continue reading to see how you can easily do this in your local dev environment with Gitleaks. ...

June 18, 2023 · 3 min · Arash Jalalat