Notes from the field
Writing on cloud, DevOps, security, and AI engineering, informed by what actually goes wrong in production.
Azure DevOps Variable Groups and Key Vault: the right way
Linking Azure Key Vault to Azure DevOps Variable Groups is the cleanest way to handle secrets in pipelines. Here's how to set it up properly, and the gotchas to avoid.
Self-hosted GitHub Actions runners on Azure: when, and how
When to move off GitHub-hosted runners onto your own Azure VMs or container apps, and how to do it without inheriting an ops nightmare.
Deploying Next.js to Azure App Service with GitHub Actions
A practical, production-ready setup for deploying Next.js to Azure App Service via GitHub Actions — including standalone output, OIDC, and the gotchas no one warns you about.
Azure DevOps YAML pipelines: multi-stage patterns that scale
How I structure multi-stage YAML pipelines once a single-file pipeline gets unwieldy. Templates, environments, approvals, and the small things that make a big difference.
Bicep vs Terraform on Azure: a practical take
Both deploy Azure resources. Both are good. Here's how I actually choose between them on real projects.
Branch policies in Azure Repos: a production-ready setup
The branch protection settings I configure on every Azure Repos repo to keep main always shippable — and the ones I deliberately don't enable.
Federating GitHub Actions to Azure with OIDC — no more client secrets
A walkthrough of how to deploy from GitHub Actions to Azure without storing a client secret anywhere. Faster, safer, easier to rotate.
GitHub Actions vs Azure Pipelines: when to use which in 2025
Both are excellent. The question isn't which is 'better' — it's which fits your team's working model. A practical breakdown.