Our journey towards DevOps self-service has reached a few good milestones so far. We first explored DevOps Self-Service Pipeline Architecture and Its 3–2–1 Rule, then we dived into DevOps Self-Service Centric Terraform Project Structure, and in our last article, we talked about DevOps Self-Service Centric GitHub Actions Workflow Orchestration.
Coming from a traditional DevOps mindset, you may still be a bit skeptical. What about security measures and guardrails for such DevOps self-service? Security is at the forefront of everyone’s mind nowadays. Designing and implementing your pipelines to ensure sound security is paramount.
DevOps self-service calls for relinquishing control to the developers. How can we have peace of mind when handing DevOps pipeline ownership to developers? Great question. We hear you loud and clear! Security and guardrails are key implementation pieces on this path to DevOps self-service. In this article, let’s focus on pipeline security and guardrails, and you will see why you can have peace of mind when rolling out your DevOps self-service practice.
First, let’s briefly revisit our pipeline architecture. Notice the part highlighted in red below: this is the repository where your reusable Terraform modules and GitHub Actions workflows reside, and it is where you’ll need to implement your pipeline security and guardrails. This repository hosting your reusable workflows and modules acts like the engine of your DevOps self-service vehicle. With these security and guardrail measures implemented in this centralized repository, you have a higher-quality engine, which helps guarantee a smoother ride.