profile

Aaronontheweb

The Latest from Aaronontheweb: Signing NuGet Packages Using Azure DevOps and Workload Identity Federation

Published 7 months ago • 1 min read

Signing NuGet Packages Using Azure DevOps and Workload Identity Federation

Published on April 14, 2025 in

12 minutes to read

Azure released a major update to some of their VM images last week and it’s caused a number of problems for me:

  1. mono support was removed from ubuntu-latest, which caused all of our FAKE v4.0 builds to no longer work for Akka.NET and several of our other mature projects;
  2. SignService, our workhorse for Authenticode signing all Petabridge NuGet packages for the past seven years, stopped working suddenly on the Azure App Service we’ve been using.

I have no idea what Microsoft did to kill this service off, but my guess is they finally stopped supporting the ancient version of .NET Framework this was running on starting on April 11th or so:

Rest in peace, SignService

We had owed a customer an update today and the race was on to find a replacement for SignClient - quickly. We quickly settled upon dotnet/sign - and then the race was on to figure out how to solve the infernal quagmire of Azure Entra / AAD permissions hell in order to access our Azure Key Vault where our signing certificate is stored.

This post explains how to do that.

Click here to read the full article.

Read more...

Aaronontheweb

.NET, Open Source, Startups, and Outer Space

I write about .NET, open source software, the Microsoft ecosystem, my adventures with startups, and outer space.

Read more from Aaronontheweb

Stop Failing The `git clone && run` Test Published on October 17, 2025 in 10 minutes to read I’ve done a ton of consulting as part of my work at Petabridge over the past 10 years and I run into developer onboarding problems constantly with new clients. It takes much longer than it should to clone a customer’s application from source control and successfully run it. Continuous deployment and continuous integration (CI/CD) get a ton of attention in the DevOps space, but improving the “first...

21 days ago • 1 min read

Your HTML Comments Are More Powerful Than You Think: Building Custom Validation Grammars with HtmlAgilityPack Published on October 1, 2025 in 20 minutes to read We were getting ready to redesign and simplify phobos.petabridge.com - our Akka.NET observability platform documentation site. The plan was to remove a bunch of old pages, restructure the information architecture, and redirect everything properly so we wouldn’t break any inbound links from Google, Stack Overflow, or the blog posts...

about 1 month ago • 1 min read
Bessemer Ventures AI ARR vs. burn benchmarks

There Has Never Been a Better Time to be a Junior Developer - And It Won't Last Forever Published on August 22, 2025 in 11 minutes to read Everyone in tech is convinced that AI will eliminate junior developers first. “Why hire a junior when AI can write code?” they ask. The prevailing wisdom is that entry-level developers are most vulnerable to automation. They’re dead wrong. I wrote “The Future of AI Belongs to Experienced Operators with Good Taste” a few months back and that’s still...

3 months ago • 1 min read