Notes from the field
Writing on cloud, DevOps, security, and AI engineering, informed by what actually goes wrong in production.
Azure DevOps Variable Groups and Key Vault: the right way
Linking Azure Key Vault to Azure DevOps Variable Groups is the cleanest way to handle secrets in pipelines. Here's how to set it up properly, and the gotchas to avoid.
Self-hosted GitHub Actions runners on Azure: when, and how
When to move off GitHub-hosted runners onto your own Azure VMs or container apps, and how to do it without inheriting an ops nightmare.
Deploying Next.js to Azure App Service with GitHub Actions
A practical, production-ready setup for deploying Next.js to Azure App Service via GitHub Actions — including standalone output, OIDC, and the gotchas no one warns you about.
Azure DevOps YAML pipelines: multi-stage patterns that scale
How I structure multi-stage YAML pipelines once a single-file pipeline gets unwieldy. Templates, environments, approvals, and the small things that make a big difference.
Federating GitHub Actions to Azure with OIDC — no more client secrets
A walkthrough of how to deploy from GitHub Actions to Azure without storing a client secret anywhere. Faster, safer, easier to rotate.
GitHub Actions vs Azure Pipelines: when to use which in 2025
Both are excellent. The question isn't which is 'better' — it's which fits your team's working model. A practical breakdown.