CI/CD on Azure with Azure DevOps

At Tokenise, we use Azure DevOps as the central platform for implementing Continuous Integration (CI) and Continuous Deployment (CD) across our services and infrastructure on Microsoft Azure.

Our CI/CD pipelines are designed to be secure, reproducible, and environment-aware, supporting rapid delivery while maintaining operational stability.


Azure DevOps in Tokenise

Azure DevOps provides Tokenise with:

  • Centralized source control (Azure Repos)
  • YAML-based pipelines as code
  • Secure variable and secret management
  • Native integration with Azure services
  • Fine-grained access control and auditability

All pipelines are versioned alongside the application code to ensure transparency and traceability.


CI/CD Philosophy

Tokenise follows these CI/CD principles:

  • Infrastructure and pipelines as code
  • Immutable artifacts promoted across environments
  • No secrets stored in repositories
  • Environment separation (Dev / Staging / Production)
  • Automated validation before deployment

Continuous Integration (CI)

CI pipelines are triggered on:

  • Pull requests
  • Commits to protected branches (e.g. main, release/*)

Typical CI responsibilities include:

  • Source code checkout
  • Dependency installation
  • Linting and static analysis
  • Unit and integration tests
  • Docker image builds
  • Artifact publishing

CI ensures that every change is validated before it is eligible for deployment.


Continuous Deployment (CD)

CD pipelines handle the controlled promotion of artifacts into Azure environments.

Common deployment targets at Tokenise include:

  • Azure App Services
  • Azure Virtual Machines
  • Container registries (ACR)
  • Kubernetes clusters
  • Static web hosting

Deployments are automated but gated using:

  • Environment approvals
  • Branch policies
  • Role-based access control

Environment Management

Each environment has its own configuration and secrets:

  • Development
  • Staging
  • Production

Environment-specific values are injected at runtime using tokenization and Azure DevOps variable groups, ensuring the same artifact can be reused without modification.
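The token substitution described above, sketched as an added example (not Tokenise's own pipeline code): one config template from the artifact is rendered per environment, and the step fails closed when a token has no value. The `#{NAME}#` token syntax, the function names and all sample values are assumptions constructed for illustration.

```python
import re

# Assumed token syntax "#{NAME}#"; the page does not say which delimiters are used.
TOKEN = re.compile(r"#\{([A-Za-z_][A-Za-z0-9_.]*)\}#")


class UnresolvedTokens(Exception):
    """Raised when the template references tokens with no value for this environment."""


def render(template: str, values: dict[str, str]) -> str:
    """Substitute every token in one pass; fail closed if any token has no value."""
    missing = sorted({name for name in TOKEN.findall(template) if name not in values})
    if missing:
        # Report token names only, never values, so nothing secret reaches the job log.
        raise UnresolvedTokens("no value for: " + ", ".join(missing))
    # re.sub scans the template once, so a value that itself looks like a token
    # is written out literally and cannot pull in another variable.
    return TOKEN.sub(lambda m: values[m.group(1)], template)


def unused(template: str, values: dict[str, str]) -> list[str]:
    """Names supplied to the stage but never referenced by the template:
    candidates for removal from that environment's variable group."""
    referenced = set(TOKEN.findall(template))
    return sorted(set(values) - referenced)


# Constructed sample: a config file shipped inside the immutable artifact.
TEMPLATE = 'api_url = "#{ApiUrl}#"\ndb_password = "#{DbPassword}#"\n'

# Constructed per-environment values, standing in for variable-group contents.
STAGING = {"ApiUrl": "https://staging.example.invalid", "DbPassword": "s3-staging"}
PRODUCTION = {
    "ApiUrl": "https://prod.example.invalid",
    "DbPassword": "#{ApiUrl}#",  # token-shaped value: must stay literal
    "Legacy": "x",               # supplied but never referenced
}

if __name__ == "__main__":
    print(render(TEMPLATE, STAGING))
    print(unused(TEMPLATE, PRODUCTION))
```

Failing the deployment on an unresolved token keeps a placeholder string from reaching a running service as if it were a real credential or endpoint.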


Security and Secrets

Security is a core part of the Tokenise CI/CD model:

  • Secrets are stored in Azure Key Vault
  • Pipelines access secrets via linked variable groups
  • Secrets are masked in logs
  • No sensitive values are committed to source control

This approach reduces exposure and simplifies secret rotation.


Observability and Traceability

Tokenise pipelines provide:

  • Build and deployment history
  • Traceability between commits, builds, and releases
  • Audit logs for approvals and executions

This enables fast troubleshooting and compliance with operational standards.


Summary

DevOps approaches enable Tokenise to deliver software on Azure in a consistent, secure, and automated manner. CI/CD pipelines act as the backbone of our delivery process, ensuring quality, repeatability, and scalability across all environments.