CI and CD are two different disciplines wearing one acronym. A practical guide to the merge gate that keeps main shippable, a real GitHub Actions pipeline with OIDC and caching, the deployment strategies that make releases boring, and the supply-chain gates that stop a poisoned build.
Oidc
-
CI/CD Pipelines in 2026: The Merge Gate, the Deploy Strategy, and the Supply Chain -
Secrets Management in 2026: From .env Files to Short-Lived, Identity-Based Credentials The point of secrets management is not a better place to hide a long-lived API key — it is to have fewer standing secrets and shorter-lived ones. A practical tour from .env hygiene to SOPS, Vault, dynamic credentials, Kubernetes reality, and workload identity that kills the "secret zero" problem.
-
Keycloak in Production: Realm Design, Federation, Kubernetes HA, and the Operational Reality of Running Your Own Identity Provider A comprehensive guide to running Keycloak in production: realm design strategies, client scopes and protocol mappers, LDAP/AD federation, authentication flows with WebAuthn and passkeys, Kubernetes HA deployment with the Operator, theme customization, and the operational reality nobody warns you about.
-
Authentik: A Self-Hosted Identity Provider for Everything Deploy Authentik as your self-hosted SSO identity provider — wire up OIDC and SAML for every app in your homelab, run an LDAP outpost for legacy services, replace Google login with something you control.