DevSecOps

Introduction to Project Bicep - The evolution of ARM Templates

2021-06-18 · 14 min

You may have heard about ARM Templates. You may have heard about Project Bicep. What are they, how do they differ? Why would I use one over the other? That's exactly what we'll be exploring throughout this blog post!

GitHub Actions and Azure - Using Environments with GitHub Actions

2021-05-07

Once you have a working GitHub Actions workflow, the next challenge is safely deploying across dev, staging, and production with the right secrets in the right places. This episode deep-dives into GitHub Actions Environments: how to scope secrets per environment to enforce the principle of least privilege, configure required reviewers and wait timers as production gates, and assign service principals with minimal Azure RBAC permissions. A live demo deploys the cloudwithchris.com Hugo site to Azure Storage, making every concept concrete.

V016 - Weekly Technology Vlog #16

2021-04-19

Weekly Vlog #16 covers significant IoT Edge updates — including nested device hierarchies now GA and zero-touch provisioning blueprints — plus the GA of Azure API Management support for availability zones and a new open-source API portal. GitHub highlights include a detailed guide to implementing least-privilege secrets in GitHub Actions using environments and branch protection rules, and the GitHub CLI's new support for managing Actions workflows from the terminal. Chris recaps two Global Azure talks on Hugo static sites and GitHub Actions, shares a SecurityHeaders.com deep-dive using Azure CDN rules, and previews Azure RBAC data-plane content and an upcoming Azure Spring Cloud session.

33 - External Config and Claim Check Pattern - Easier Management and Externalising Payloads

2021-04-02

Chris and Peter cover two cloud design patterns in depth. The External Configuration Store pattern addresses one of the most critical security concerns in cloud development: keeping secrets and connection strings out of source code. They explore Azure Key Vault and Azure App Configuration as canonical implementations, discuss deployment slot behaviour, and highlight the risks of committing credentials to version control. The Claim Check pattern tackles a different challenge — what happens when your message payload exceeds the size limits of your messaging infrastructure (Azure Service Bus, Azure Queue Storage)? By externalising the payload to a data store and passing only a correlation ID on the queue, you gain scalability and flexibility at the cost of added latency. Azure Event Grid's automatic claim check generation is also demonstrated. Security is a thread running through both patterns: compromised config stores and poisoned messages both demand an operational response plan.

V013 - Weekly Technology Vlog #13 (Lots of Azure, DevOps & GitHub) Blogs, Quick-fire Azure Updates

2021-03-28

Weekly Vlog #13 covers an action-packed Azure week: enterprise landing zones with modular designs, zonal disaster recovery via Azure Site Recovery, Security Center compliance enhancements, and Mark Russinovich's standout Ignite session on Azure innovation. The GitHub roundup highlights the GitHub Actions capture-the-flag security writeup and a multi-stage exploit chain from the GitHub Security Lab — essential reading for any DevSecOps practitioner. Cloud with Chris updates include the channel's most-viewed video to date on Git internals, a Fuse.js-powered site search, series navigation, and a packed April talk schedule featuring the Northern Azure User Group (alongside Scott Hanselman) and Global Azure Bootcamp.

V012 - Weekly Technology Vlog #12 (Busy week, and quite a few blog posts to cover!)

2021-03-22

Three months and 350+ subscribers in, with content shipping every day of the past week: a GitHub Codespaces Cloud Drop, the final GPG commit-signing instalment covering YubiKey hardware key storage, a Welsh Azure User Group lightning talk on GitHub Actions, and a Terraform Cloud deep-dive on Azure state management. Azure news centres on Microsoft's commitment to bring Availability Zones to every region by end of 2021, new forecasted cost alerts for Azure Budgets, and the Start Small & Expand landing zone guidance from Sarah Lean and Thomas Maurer. GitHub updates include Dependabot gaining private registry support, CodeQL scanning for Solorigate traces, and a detailed post-mortem on the recent GitHub.com security incident.

V011 - Weekly Technology Vlog #11

2021-03-15

Vlog #11 debuts a refreshed brand and on-screen layout, then covers a busy week: the third instalment of Chris's GPG commit-signing series (linking keys to Git and GitHub), the Cache Aside cloud design pattern episode, and a preview of the upcoming YubiKey-focused Part 4. Azure news centres on the preview of Trusted Launch VMs (defending against bootkits and rootkits), Azure Defender for Storage's new malware-upload detection, and Narya — the ML system Microsoft uses to predict and proactively mitigate infrastructure failures at scale. On the security operations side, GitHub and Azure DevOps announce automated token revocation for leaked PATs found on public GitHub repositories.

V009 - Weekly Technology Vlog #9 (1 year of Cloud With Chris, Azure Retirements, Microsoft Ignite)

2021-03-01

Week nine of the vlog coincides with the one-year anniversary of the Cloud With Chris podcast. Chris kicks off a multi-part blog series on GPG key signing for Git commits, demonstrating how trivially easy it is to spoof a contributor's identity in Git without verification — and how GitHub's GPG validation feature closes that gap. Azure news this week is lighter than usual, covering serverless and low-code scenarios with PowerApps, the new Private Azure Marketplace, and the Azure Quota REST API, plus a significant list of retirement notices from the Azure Updates page all targeting 29 February 2024.

V007 - Weekly Technology Vlog #7 (Recap, NEW SITE, NEWS!)

2021-02-15

Chris recaps his AzureIsh Live guest appearance and the messaging patterns episode with Will Eastbury covering pub-sub, priority queues, and pipes-and-filters. He showcases the Cloud with Chris v2 website prototype built in Hugo with AI-generated transcripts via Podscribe for accessibility, covers the npm dependency confusion attack vector affecting Azure Artifacts and GitHub packages, and highlights Azure's deployment to the International Space Station in partnership with HPE.

V006 - Weekly Technology Vlog #6 (Recap, Coming Up and NEWS!)

2021-02-08

Chris hosts the first live weekly vlog, recapping the Cloud Gaming Notes debut and a candid mental health conversation with Andrew Nathan. He covers Azure Security Center updates including dangling DNS protection for Azure Defender and the secure score API GA, spotlights Project Bicep as a new ARM template authoring experience with a VS Code extension, and highlights GitHub's engineering post on SLO-based deployment pipeline reliability.