Multi-Tenant Daemons with Microsoft Identity platform

Background I have recently speaking to a customer about the following scenario. Customer has an API that supposed to be consumed by some **trusted** daemon applications built and managed by their partners. It's not the interactive users (no signed in users via an web application) who will be using the API, rather some background process … Continue reading Multi-Tenant Daemons with Microsoft Identity platform

Secure your pipelines by frequently rotating secrets

TL; DR: This article and accompanying source codes helps you setting up an automated secret or certificate rotations for Azure service principals and Azure DevOps service connections. Jump into the technical part here. Background If you are deploying applications on Azure from Azure DevOps service connections (or GitHub actions) you are most likely using a … Continue reading Secure your pipelines by frequently rotating secrets

Elastic self-hosted pool for Azure DevOps

Introduction If you are using Azure Pipelines, then you surely have used Microsoft-hosted agent. With Microsoft-hosted agents, maintenance and upgrades are taken care of for you. However, there are times when self-hosted agents are needed (i.e. customized images, network connectivity requirements etc.). Pipeline agents can be hosted as stand-alone, on Azure virtual machine scale-sets, as … Continue reading Elastic self-hosted pool for Azure DevOps

Bridge to Kubernetes – be confident on shipping software

Bridge to Kubernetes is a successor of Azure Dev Space. Distributed software’s are comprised of more than one services (often referred as micro-services), they depend on each other (one service invoking APIs of another service) to deliver capabilities to end users. While separations of services bring flexibility in delivering features (or bug fixes) faster, it … Continue reading Bridge to Kubernetes – be confident on shipping software

Azure DevOps Security & Permissions REST API

Every Few months I notice the following Saga repeats. I face a challenge where I need to programmatically manage security aspects of Azure DevOps resources (like Repository, Pipeline, Environment etc.). I do lookup the Azure DevOps REST API documentation, realize that the Permissions & Security API's are notoriously complicated and inadequately documented. So, I begin … Continue reading Azure DevOps Security & Permissions REST API

Restricting Unverified Kubernetes Content with Docker Content Trust

Docker Content Trust (DCT) provides the ability to use digital signatures for data sent to and received from remote Docker registries. These signatures allow client-side or runtime verification of the integrity and publisher of specific image tags. Image source: Docker Content Trust Through DCT, image publishers can sign their images and image consumers can ensure … Continue reading Restricting Unverified Kubernetes Content with Docker Content Trust

Access Control management via REST API – Azure Data Lake Gen 2

Background A while ago, I have built an web-based self-service portal that facilitated multiple teams in the organisation, setting up their Access Control (ACLs) for corresponding data lake folders. The portal application was targeting Azure Data Lake Gen 1. Recently I wanted to achieve the same but on Azure Data Lake Gen 2. At the … Continue reading Access Control management via REST API – Azure Data Lake Gen 2

Inter-process communication on Windows Containers

Background Legacy monolith applications that are built to run on single beefy server can take advantage of containers to simplify the deployment model and also potentially opens possibility to re-architect piece by piece without triggering a complete rewrite. I ran into a scenario where I am considering wrap up a large monolith (with many threads … Continue reading Inter-process communication on Windows Containers

Continuously deploy Blazor SPA to Azure Storage static web site

Lately I am learning ASP.net Blazor – the relatively new UI framework from Microsoft. Blazor is just awesome – the ability to write c# code both in server and client side is extremely productive for .net developers. From Blazor documentations: Blazor lets you build interactive web UIs using C# instead of JavaScript. Blazor apps are composed … Continue reading Continuously deploy Blazor SPA to Azure Storage static web site