Policy & Secrets as Code
Security and compliance enforced automatically — not in a review meeting.
Rules that live in a wiki get ignored; rules that live in the pipeline get enforced on every change. I express policy as code with OPA or Sentinel and run compliance checks as pre-merge guardrails, so insecure or non-conformant infrastructure is rejected automatically rather than caught — or missed — in a review meeting. Secrets get the same rigour: managed and rotated through tools like Vault, scanned out of the codebase, and issued to pipelines as short-lived, least-privilege identities, so credentials stop being the soft underbelly of an otherwise automated system.
What's included
- Policy as code (OPA, Sentinel)
- Automated compliance checks in CI
- Secrets management & rotation
- Least-privilege pipeline identities
- Pre-merge guardrails