The content describes a process for creating a git tag in Azure DevOps after each production deployment, using the assembly version from a .NET project. It outlines a pipeline job that retrieves the version, formats it, then creates and pushes a git tag, requiring specific permissions for the build service user.
[HOWTO] Fix “Server identity does not have Azure Active Directory Readers permission” error when using terraform local-exec provisioner to create SQL database users from external provider in an Az DevOps YAML pipeline
The author describes troubleshooting an Azure DevOps YAML pipeline error related to a local-exec provisioner in terraform, which failed to grant necessary permissions due to a missing Azure Active Directory Readers permission. They detail the root causes, error findings, and ultimately the adjustments made to resolve the issue, focusing on least privilege principles.
[HOWTO] Identify and remind inactive GitHub Copilot users
The author sought a method to identify inactive GitHub Copilot Business license users. After troubleshooting errors, they successfully implemented a reminder workflow and contributed improvements.
[HOWTO] Set Minimum TLS Cipher Suite of Azure App Service using Terraform
An application’s pentest revealed weak SSL/TLS cipher suites in Azure App Services. To enhance security, non-forward-secrecy cipher suites must be disabled. Utilizing Terraform and the azapi provider, a workaround was implemented to configure the Minimum TLS Cipher Suite, enforcing modern cryptographic standards.
[NoBrainer] Restart Azure App Service in Az DevOps YAML pipeline
This post discusses restarting an Azure App Service in an Azure DevOps YAML pipeline after applying IaC config to update Azure Key Vault secrets during deployments.
[HOWTO] Run ASP.NET Core integration tests in an Az DevOps YAML pipeline when subject under test uses DefaultAzureCredential
Last week I struggled (again) running ASP.NET Core integration tests for an ASP.NET Core Web API that uses DefaultAzureCredential in an Azure DevOps YAML pipeline. To avoid having to struggle again, I am writing down my findings here. The initial situation: There was an existing ASP.NET Core (.NET 8) Web API project that uses DefaultAzureCredential...
[HOWTO] Deploy an ASP.NET Core Web API to an Azure App Service using a GitHub Actions Workflow
This week, I faced challenges deploying an ASP.NET Core Web API to an Azure App Service using GitHub Actions and OpenID Connect. Initial attempts with azure/webapps-deploy@v3 failed due to missing credentials. A later try with azure/cli@v2 failed because the deployment file wasn't a valid zip. Properly zipping the files led to successful deployment.
[HOWTO] Rotate Azure Key Vault secrets used by an ASP.NET Core Web API with Terraform on every deployment
The blog post details the process of rotating secrets stored in Azure Key Vault with each application deployment, utilizing Infrastructure as Code (IaC) principles via Terraform. It emphasizes the importance of secret rotation to minimize risks from leaks. An ASP.NET Core Web API is demonstrated as the application example, alongside procedural GitHub Actions for deployment.
[HOWTO] Fix “Please run ‘az login’ to setup account” error caused by local-exec when executing terraform apply through TerraformCLI task in Azure DevOps pipeline
The Azure DevOps YAML pipeline encountered an error requiring 'az login' during a Terraform task due to a local-exec provisioner executing a PowerShell script that needed Azure CLI access. Despite this error, the pipeline completed successfully. Activating runAzLogin resolved the issue, enabling the script's changes to be applied effectively.
[HOWTO] Implement offline capability for Blazor PWA using Service Worker and local storage
In spring 2024, I developed offline capabilities for a Blazor Progressive Web App consisting of a .NET Web API and Blazor WASM client. This involved storing form data in local storage when offline and syncing the data when online again. The solution uses a service worker to cache necessary assets, ensuring users can access forms without an internet connection.
