Ken Muse
More Ways to Secure Secrets
What if you could eliminate static secrets entirely? That’s the promise of modern cloud-native approaches, but they come with their own tradeoffs. In this second post of the series, I’ll take you beyond traditional storage methods to explore federated identities, managed identities, and secret vaults. You’ll learn when each approach makes sense and how to protect yourself from the new attack vectors they introduce.

Using Azure Flexible Federation With GitHub Actions
Have you ever wished you could tighten your OIDC integration between Azure and GitHub? Ever wanted to restrict the connection to specific workflows instead of entire repositories? In this post, I’ll explore Azure’s flexible federated identity credentials and how you can use custom expressions to validate OIDC token claims.

Creating a Zip Package in .NET
The process of compiling a .NET project and creating a ZIP file for deployment is often more complicated than it needs to be. Most CI/CD systems use a series of commands and external dependencies to build and package the project. This post shows how to use built-in functionality to simplify the process to a single call to dotnet publish.

The Magic of Scaling and Auto-Scaling
Scaling systems is a process that is often counter-intuitive. It’s not just about adding more resources. It’s about understanding the bottlenecks and how to overcome them. After years spent troubleshooting highly scaled systems, I’ve learned a few things that can make the journey easier.

Automating Azure OIDC Application Federation
Ever needed to automate creating an Azure Entra ID (Azure Active Directory) application and federating it with GitHub? With just a little PowerShell, you can!

Understanding OIDC and Identity Federation
With the rise of OIDC, we no longer need to rely on secret keys or passwords to connect two services together. Instead, we can configure a trust relationship between the services and use that to securely request tokens for accessing resources. Adopting this approach can simplify things, but it can be scary for security teams and developers; they want to understand what makes this process work. In this post, I’ll walk through what’s happening under the covers.

Understanding the SLA of ARC
I’ve seen lots of teams trying to increase the availability of GitHub runners for their organization by implementing GitHub Actions Runner Controller (ARC). In some cases, they hope to try to exceed GitHub’s 99.9% SLA. Unfortunately, the math works against them. In this post, I’ll explain why.

Mastering Azure Virtual Machines

Continuing with the discussion of mastering Azure, it’s time to understand how the Azure VM SKU families are named. Most people don’t realize that each letter is actually associated with a mnemonic that is designed to make it easy to identify the ideal workload. In addition, the complete SKU name is designed to tell you key details about the VM capabilities in a way that’s easy to remember.

Where to Start With Azure
While I was at VS Live Nashville, I heard the same question multiple times: if you’re new to Azure, how do you get started? There are nearly 300 different services, and the numbers continue to grow. That’s a lot to try to understand without a roadmap. I have a few suggestions to make the learning process more manageable …

Custom Azure GUIs for ARM and Bicep Templates
What if I told you that the portal experience you see with the Microsoft-provided resources was also available for your resources? Want to build a nice wizard for your ARM template? It’s time to dive deeper into Azure and learn how to develop ARM and Bicep templates like a pro. Learn to create your own custom Azure Portal experience!
