Nutshell Series

📘 Terraform Commands Cheatsheet

Terraform is a popular Infrastructure-as-Code (IaC) tool that lets you provision and manage infrastructure efficiently.
This cheatsheet covers the most common and essential Terraform CLI commands, grouped by category for quick reference.


🚀 Getting Started

terraform -help                   # Show all commands
terraform version                 # Show current Terraform version
terraform -install-autocomplete   # Enable shell autocomplete

📦 Initialization

Initialize a working directory containing Terraform configuration files.

terraform init           # Initialize Terraform in the current directory
terraform init -upgrade  # Re-download modules/providers with the latest versions

✅ Validate & Format

terraform validate       # Check if configuration is valid
terraform fmt            # Format .tf files to canonical style
terraform fmt -recursive # Format files in all subdirectories
terraform fmt -check     # Checks if all files are formatted

📋 Plan & Apply

terraform plan                  # Show what changes will be applied
terraform plan -out=tfplan      # Save plan to a file
terraform apply                 # Apply changes
terraform apply tfplan          # Apply saved plan
terraform apply -auto-approve   # Apply without asking for confirmation

🔥 Destroy

terraform destroy                 # Destroy infrastructure
terraform destroy -auto-approve   # Destroy without confirmation

📂 State Management

Inspect and modify Terraform’s state file.

terraform state list             # List resources in state
terraform state show <address>   # Show resource details
terraform state rm <address>     # Remove a resource from state
terraform state mv <src> <dest>  # Move resource in state

🌎 Workspaces

Workspaces let you manage multiple environments (e.g., dev, staging, prod).

terraform workspace list        # List all workspaces
terraform workspace show        # Show current workspace
terraform workspace new dev     # Create a new workspace
terraform workspace select dev  # Switch to a workspace

🔌 Providers & Modules

terraform providers          # Show required providers
terraform providers mirror ./mirror-dir   # Download provider plugins
terraform get                # Download and update modules
terraform get -update        # Re-fetch modules

🛠 Debugging & Misc

terraform graph              # Generate dependency graph (DOT format)
terraform refresh            # Update state with real infrastructure (deprecated; prefer terraform apply -refresh-only)
terraform output             # Show outputs from configuration
terraform output <name>      # Show specific output
TF_LOG=DEBUG terraform plan  # Enable debug logging

📑 Quick Workflow Example

terraform init
terraform validate
terraform plan -out=tfplan
terraform apply tfplan
terraform output
terraform destroy

🚀 Conclusion

This cheatsheet provides a quick reference for everyday Terraform usage.
From init to destroy, mastering these commands will speed up your infrastructure automation workflow.
Bookmark this page and use it as your go-to Terraform CLI reference!

Nutshell Series

🔧 Dependency Injection (DI) Explained: Transient vs Scoped vs Singleton

Dependency Injection (DI) is a design pattern that simplifies how objects and their dependencies are managed in an application. Instead of classes creating their own dependencies, DI provides those dependencies from the outside. This makes applications cleaner, testable, and maintainable.

⚙️ What is Dependency Injection?

At its core, DI is about inversion of control: your classes don’t create what they need; a container provides them. This container decides:

  • How to create objects
  • When to reuse objects
  • How to dispose of them when no longer needed

📌 Service Lifetimes

When you register services in a DI container, you usually choose a lifetime:

  • Transient – A new instance is created every time it’s requested.
  • Scoped – One instance is created per request (or unit of work).
  • Singleton – A single instance is shared across the entire application lifetime.

🔄 Transient

A new instance is created each time the service is requested. Best for lightweight, stateless services.

// Example in C#
services.AddTransient<IEmailService, EmailService>();

📂 Scoped

A new instance is created once per request, but reused within that request. Useful for services like database contexts.

// Example in C#
services.AddScoped<IDbContext, AppDbContext>();

♾ Singleton

A single instance is created and reused for the entire lifetime of the application. Perfect for loggers, configuration readers, and caching providers.

// Example in C#
services.AddSingleton<ILogger, Logger>();

📊 When to Use Each?

  • Transient – For short-lived, stateless operations (e.g., helpers, formatters).
  • Scoped – For services tied to a single request or unit of work (e.g., DbContext).
  • Singleton – For shared state or expensive-to-create services (e.g., loggers, configuration, caching).

🚀 Conclusion

Dependency Injection ensures better code structure, easier testing, and improved flexibility.
Choosing the right lifetime — Transient, Scoped, or Singleton — helps you balance performance with resource management.

Security

Cybersecurity Frameworks & Standards: Quick Reference

Use this cheat sheet to quickly match popular cybersecurity frameworks and regulations to the industries that rely on them. Each entry includes a short description to help you pick the right control set for audits, assessments, or roadmap planning.

At a Glance

Cybersecurity Frameworks & Standards Cheat Sheet
| Framework / Standard | Primary Industry / Sector | Brief Description |
| --- | --- | --- |
| ISO 27001 | Finance, healthcare, IT, government | International standard for establishing, implementing, maintaining, and continually improving an ISMS (information security management system). |
| NIST Cybersecurity Framework (NIST CSF) | Critical infrastructure (energy, healthcare, finance, transportation) | Risk-based guidance organized around Identify, Protect, Detect, Respond, and Recover functions. |
| HIPAA | Healthcare providers, health plans, clearinghouses | U.S. regulation protecting the privacy and security of protected health information (PHI). |
| PCI DSS | Merchants, financial institutions, payment processors | Security standard for safeguarding cardholder data and reducing payment card fraud. |
| GDPR | Any organization handling EU residents’ personal data | EU regulation granting data privacy rights and setting obligations for data controllers and processors. |
| CIS Controls | Organizations of all sizes and sectors | Prioritized set of practical security controls to defend against common cyberattacks. |
| HITRUST CSF | Healthcare organizations and business associates | Certifiable framework that harmonizes requirements from HIPAA, NIST, ISO, and others. |
| COBIT | All industries | IT governance and management framework aligning technology with business objectives. |
| NERC CIP | Electric utilities, power generation companies | Standards for protecting the bulk electric system in North America. |
| FISMA | U.S. federal agencies and contractors | U.S. law requiring comprehensive information security programs for federal information and systems. |
| SOC 2 | SaaS providers, managed service providers, data centers, cloud platforms | Attestation report evaluating controls against Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. |
| CCPA | Businesses collecting personal information from California residents | California law providing consumer data privacy rights and business obligations. |
| CISA Telecoms Framework | U.S. telecommunications providers | Guidance and best practices for securing telecommunications infrastructure and services. |
| NIST SP 800-53 | U.S. federal agencies and organizations | Catalog of security and privacy controls for federal information systems and organizations. |
| NIST SP 800-171 | Non-federal organizations handling CUI | Requirements to protect controlled unclassified information (CUI) for the U.S. government. |
| UK Telecoms (Security) Act 2021 | Telecommunications companies operating in the United Kingdom | Legal obligations to strengthen security and resilience of UK telecom networks. |

How to Use This Cheat Sheet

  • General maturity: Start with ISO 27001 or NIST CSF for a broad security program.
  • Industry specifics: Apply HIPAA/HITRUST for healthcare, PCI DSS for payments, and NERC CIP for energy.
  • Privacy: Map your data practices to GDPR and CCPA obligations.
  • Cloud & services: Use SOC 2 to demonstrate assurance to customers and partners.

Notes & Caveats

  • Frameworks are complementary—organizations often implement more than one.
  • Scope and applicability depend on your data types, geography, and contractual obligations.
  • Always consult current official documentation before audits or certifications.

Last updated: August 2025.

Design Patterns

Azure Messaging Patterns

This blog explores key messaging design patterns used in distributed systems architecture. These patterns help improve scalability, reliability, and performance in cloud-native applications.

| Pattern | Description | Well-Architected Pillars |
| --- | --- | --- |
| Asynchronous Request-Reply | Decouples back-end processing from front-end, allowing async operations with a clear response. | Performance Efficiency |
| Claim Check | Splits large messages into a lightweight reference and a payload stored externally. | Reliability, Security, Cost Optimization, Performance Efficiency |
| Competing Consumers | Multiple consumers process messages from the same queue concurrently to improve throughput. | Reliability, Cost Optimization, Performance Efficiency |
| Messaging Bridge | Enables communication between incompatible messaging systems via an intermediary. | Cost Optimization, Operational Excellence |
| Priority Queue | Ensures high-priority messages are processed faster than others. | Reliability, Performance Efficiency |
| Publisher/Subscriber | Broadcasts events to multiple consumers asynchronously without tight coupling. | Reliability, Security, Cost Optimization, Operational Excellence, Performance Efficiency |
| Queue-Based Load Leveling | Buffers requests using a queue to handle load spikes smoothly. | Reliability, Cost Optimization, Performance Efficiency |
| Sequential Convoy | Processes related messages in order without blocking unrelated message groups. | Reliability |

These patterns are foundational for building robust cloud applications. For more, explore the full Azure Architecture Center.

GeneralGyan

SCAMPER Cheatsheet for Quick Innovation

SCAMPER is a creativity tool that helps generate new ideas by asking seven types of questions.

  • S – Substitute: What can be replaced?
  • C – Combine: What can be merged to add value?
  • A – Adapt: What can be borrowed from other fields?
  • M – Modify: What can be changed, magnified, or minimized?
  • P – Put to Other Use: How else can it be used?
  • E – Eliminate: What can be removed or simplified?
  • R – Reverse/Rearrange: What can be flipped or reordered?

Tip: Apply each step to your product, service, or process to uncover fresh solutions.

Technology and tricks

Kakuro Cheat Sheet: All Number Combinations (2–8 Cells)

A complete, ready-to-use list of all valid number combinations for Kakuro runs of 2 to 8 cells (digits 1–9, no repeats, strictly increasing within each combo).

🔑 Magic Numbers in Kakuro

Some sums have only one possible combination. These are called magic numbers and are the best starting points when solving a Kakuro puzzle:

  • 2 cells: 3 = (1,2), 16 = (7,9), 17 = (8,9)
  • 3 cells: 6 = (1,2,3), 24 = (7,8,9)
  • 4 cells: 10 = (1,2,3,4), 30 = (6,7,8,9)
  • 5 cells: 15 = (1,2,3,4,5), 35 = (5,6,7,8,9)
  • 6 cells: 21 = (1,2,3,4,5,6), 39 = (4,5,6,7,8,9)
  • 7 cells: 28 = (1,2,3,4,5,6,7), 41 = (2,4,5,6,7,8,9)
  • 8 cells: 36 = (1,2,3,4,5,6,7,8), 44 = (2,3,4,5,6,7,8,9)
  • 9 cells: 45 = (1,2,3,4,5,6,7,8,9)

These are must-know shortcuts that make solving much easier.


📋 Kakuro 2-Cell Combinations

Range: 3 – 17

Sum Pairs
3 (1,2)
4 (1,3)
5 (1,4), (2,3)
6 (1,5), (2,4)
7 (1,6), (2,5), (3,4)
8 (1,7), (2,6), (3,5)
9 (1,8), (2,7), (3,6), (4,5)
10 (1,9), (2,8), (3,7), (4,6)
11 (2,9), (3,8), (4,7), (5,6)
12 (3,9), (4,8), (5,7)
13 (4,9), (5,8), (6,7)
14 (5,9), (6,8)
15 (6,9), (7,8)
16 (7,9)
17 (8,9)

📋 Kakuro 3-Cell Combinations

Range: 6 – 24

Sum Triplets
6 (1,2,3)
7 (1,2,4)
8 (1,2,5), (1,3,4)
9 (1,2,6), (1,3,5), (2,3,4)
10 (1,2,7), (1,3,6), (1,4,5), (2,3,5)
11 (1,2,8), (1,3,7), (1,4,6), (2,3,6), (2,4,5)
12 (1,2,9), (1,3,8), (1,4,7), (1,5,6), (2,3,7), (2,4,6), (3,4,5)
13 (1,3,9), (1,4,8), (1,5,7), (2,3,8), (2,4,7), (2,5,6), (3,4,6)
14 (1,4,9), (1,5,8), (1,6,7), (2,3,9), (2,4,8), (2,5,7), (3,4,7), (3,5,6)
15 (1,5,9), (1,6,8), (2,4,9), (2,5,8), (2,6,7), (3,4,8), (3,5,7), (4,5,6)
16 (1,6,9), (1,7,8), (2,5,9), (2,6,8), (3,4,9), (3,5,8), (3,6,7), (4,5,7)
17 (1,7,9), (2,6,9), (2,7,8), (3,5,9), (3,6,8), (4,5,8), (4,6,7)
18 (1,8,9), (2,7,9), (3,6,9), (3,7,8), (4,5,9), (4,6,8), (5,6,7)
19 (2,8,9), (3,7,9), (4,6,9), (4,7,8), (5,6,8)
20 (3,8,9), (4,7,9), (5,6,9), (5,7,8)
21 (4,8,9), (5,7,9), (6,7,8)
22 (5,8,9), (6,7,9)
23 (6,8,9)
24 (7,8,9)

📋 Kakuro 4-Cell Combinations

Range: 10 – 30

Sum Quadruplets
10 (1,2,3,4)
11 (1,2,3,5)
12 (1,2,3,6), (1,2,4,5)
13 (1,2,3,7), (1,2,4,6), (1,3,4,5)
14 (1,2,3,8), (1,2,4,7), (1,2,5,6), (1,3,4,6), (2,3,4,5)
15 (1,2,3,9), (1,2,4,8), (1,2,5,7), (1,3,4,7), (1,3,5,6), (2,3,4,6)
16 (1,2,4,9), (1,2,5,8), (1,2,6,7), (1,3,4,8), (1,3,5,7), (1,4,5,6), (2,3,4,7), (2,3,5,6)
17 (1,2,5,9), (1,2,6,8), (1,3,4,9), (1,3,5,8), (1,3,6,7), (1,4,5,7), (2,3,4,8), (2,3,5,7), (2,4,5,6)
18 (1,2,6,9), (1,2,7,8), (1,3,5,9), (1,3,6,8), (1,4,5,8), (1,4,6,7), (2,3,4,9), (2,3,5,8), (2,3,6,7), (2,4,5,7), (3,4,5,6)
19 (1,2,7,9), (1,3,6,9), (1,3,7,8), (1,4,5,9), (1,4,6,8), (1,5,6,7), (2,3,5,9), (2,3,6,8), (2,4,5,8), (2,4,6,7), (3,4,5,7)
20 (1,2,8,9), (1,3,7,9), (1,4,6,9), (1,4,7,8), (1,5,6,8), (2,3,6,9), (2,3,7,8), (2,4,5,9), (2,4,6,8), (2,5,6,7), (3,4,5,8), (3,4,6,7)
21 (1,3,8,9), (1,4,7,9), (1,5,6,9), (1,5,7,8), (2,3,7,9), (2,4,6,9), (2,4,7,8), (2,5,6,8), (3,4,5,9), (3,4,6,8), (3,5,6,7)
22 (1,4,8,9), (1,5,7,9), (1,6,7,8), (2,3,8,9), (2,4,7,9), (2,5,6,9), (2,5,7,8), (3,4,6,9), (3,4,7,8), (3,5,6,8), (4,5,6,7)
23 (1,5,8,9), (1,6,7,9), (2,4,8,9), (2,5,7,9), (2,6,7,8), (3,4,7,9), (3,5,6,9), (3,5,7,8), (4,5,6,8)
24 (1,6,8,9), (2,5,8,9), (2,6,7,9), (3,4,8,9), (3,5,7,9), (3,6,7,8), (4,5,6,9), (4,5,7,8)
25 (1,7,8,9), (2,6,8,9), (3,5,8,9), (3,6,7,9), (4,5,7,9), (4,6,7,8)
26 (2,7,8,9), (3,6,8,9), (4,5,8,9), (4,6,7,9), (5,6,7,8)
27 (3,7,8,9), (4,6,8,9), (5,6,7,9)
28 (4,7,8,9), (5,6,8,9)
29 (5,7,8,9)
30 (6,7,8,9)

📋 Kakuro 5-Cell Combinations

Range: 15 – 35

Sum Quintuplets
15 (1,2,3,4,5)
16 (1,2,3,4,6)
17 (1,2,3,4,7), (1,2,3,5,6)
18 (1,2,3,4,8), (1,2,3,5,7), (1,2,4,5,6)
19 (1,2,3,4,9), (1,2,3,5,8), (1,2,3,6,7), (1,2,4,5,7), (1,3,4,5,6)
20 (1,2,3,5,9), (1,2,3,6,8), (1,2,4,5,8), (1,2,4,6,7), (1,3,4,5,7), (2,3,4,5,6)
21 (1,2,3,6,9), (1,2,3,7,8), (1,2,4,5,9), (1,2,4,6,8), (1,2,5,6,7), (1,3,4,5,8), (1,3,4,6,7), (2,3,4,5,7)
22 (1,2,3,7,9), (1,2,4,6,9), (1,2,4,7,8), (1,2,5,6,8), (1,3,4,5,9), (1,3,4,6,8), (1,3,5,6,7), (2,3,4,5,8), (2,3,4,6,7)
23 (1,2,3,8,9), (1,2,4,7,9), (1,2,5,6,9), (1,2,5,7,8), (1,3,4,6,9), (1,3,4,7,8), (1,3,5,6,8), (1,4,5,6,7), (2,3,4,5,9), (2,3,4,6,8), (2,3,5,6,7)
24 (1,2,4,8,9), (1,2,5,7,9), (1,2,6,7,8), (1,3,4,7,9), (1,3,5,6,9), (1,3,5,7,8), (1,4,5,6,8), (2,3,4,6,9), (2,3,4,7,8), (2,3,5,6,8), (2,4,5,6,7)
25 (1,2,5,8,9), (1,2,6,7,9), (1,3,4,8,9), (1,3,5,7,9), (1,3,6,7,8), (1,4,5,6,9), (1,4,5,7,8), (2,3,4,7,9), (2,3,5,6,9), (2,3,5,7,8), (2,4,5,6,8), (3,4,5,6,7)
26 (1,2,6,8,9), (1,3,5,8,9), (1,3,6,7,9), (1,4,5,7,9), (1,4,6,7,8), (2,3,4,8,9), (2,3,5,7,9), (2,3,6,7,8), (2,4,5,6,9), (2,4,5,7,8), (3,4,5,6,8)
27 (1,2,7,8,9), (1,3,6,8,9), (1,4,5,8,9), (1,4,6,7,9), (1,5,6,7,8), (2,3,5,8,9), (2,3,6,7,9), (2,4,5,7,9), (2,4,6,7,8), (3,4,5,6,9), (3,4,5,7,8)
28 (1,3,7,8,9), (1,4,6,8,9), (1,5,6,7,9), (2,3,6,8,9), (2,4,5,8,9), (2,4,6,7,9), (2,5,6,7,8), (3,4,5,7,9), (3,4,6,7,8)
29 (1,4,7,8,9), (1,5,6,8,9), (2,3,7,8,9), (2,4,6,8,9), (2,5,6,7,9), (3,4,5,8,9), (3,4,6,7,9), (3,5,6,7,8)
30 (1,5,7,8,9), (2,4,7,8,9), (2,5,6,8,9), (3,4,6,8,9), (3,5,6,7,9), (4,5,6,7,8)
31 (1,6,7,8,9), (2,5,7,8,9), (3,4,7,8,9), (3,5,6,8,9), (4,5,6,7,9)
32 (2,6,7,8,9), (3,5,7,8,9), (4,5,6,8,9)
33 (3,6,7,8,9), (4,5,7,8,9)
34 (4,6,7,8,9)
35 (5,6,7,8,9)

📋 Kakuro 6-Cell Combinations

Range: 21 – 39

Sum Sextuplets
21 (1,2,3,4,5,6)
22 (1,2,3,4,5,7)
23 (1,2,3,4,5,8), (1,2,3,4,6,7)
24 (1,2,3,4,5,9), (1,2,3,4,6,8), (1,2,3,5,6,7)
25 (1,2,3,4,6,9), (1,2,3,4,7,8), (1,2,3,5,6,8), (1,2,4,5,6,7)
26 (1,2,3,4,7,9), (1,2,3,5,6,9), (1,2,3,5,7,8), (1,2,4,5,6,8), (1,3,4,5,6,7)
27 (1,2,3,4,8,9), (1,2,3,5,7,9), (1,2,3,6,7,8), (1,2,4,5,6,9), (1,2,4,5,7,8), (1,3,4,5,6,8), (2,3,4,5,6,7)
28 (1,2,3,5,8,9), (1,2,3,6,7,9), (1,2,4,5,7,9), (1,2,4,6,7,8), (1,3,4,5,6,9), (1,3,4,5,7,8), (2,3,4,5,6,8)
29 (1,2,3,6,8,9), (1,2,4,5,8,9), (1,2,4,6,7,9), (1,2,5,6,7,8), (1,3,4,5,7,9), (1,3,4,6,7,8), (2,3,4,5,6,9), (2,3,4,5,7,8)
30 (1,2,3,7,8,9), (1,2,4,6,8,9), (1,2,5,6,7,9), (1,3,4,5,8,9), (1,3,4,6,7,9), (1,3,5,6,7,8), (2,3,4,5,7,9), (2,3,4,6,7,8)
31 (1,2,4,7,8,9), (1,2,5,6,8,9), (1,3,4,6,8,9), (1,3,5,6,7,9), (1,4,5,6,7,8), (2,3,4,5,8,9), (2,3,4,6,7,9), (2,3,5,6,7,8)
32 (1,2,5,7,8,9), (1,3,4,7,8,9), (1,3,5,6,8,9), (1,4,5,6,7,9), (2,3,4,6,8,9), (2,3,5,6,7,9), (2,4,5,6,7,8)
33 (1,2,6,7,8,9), (1,3,5,7,8,9), (1,4,5,6,8,9), (2,3,4,7,8,9), (2,3,5,6,8,9), (2,4,5,6,7,9), (3,4,5,6,7,8)
34 (1,3,6,7,8,9), (1,4,5,7,8,9), (2,3,5,7,8,9), (2,4,5,6,8,9), (3,4,5,6,7,9)
35 (1,4,6,7,8,9), (2,3,6,7,8,9), (2,4,5,7,8,9), (3,4,5,6,8,9)
36 (1,5,6,7,8,9), (2,4,6,7,8,9), (3,4,5,7,8,9)
37 (2,5,6,7,8,9), (3,4,6,7,8,9)
38 (3,5,6,7,8,9)
39 (4,5,6,7,8,9)

📋 Kakuro 7-Cell Combinations

Range: 28 – 42

Sum Septuplets
28 (1,2,3,4,5,6,7)
29 (1,2,3,4,5,6,8)
30 (1,2,3,4,5,6,9), (1,2,3,4,5,7,8)
31 (1,2,3,4,5,7,9), (1,2,3,4,6,7,8)
32 (1,2,3,4,5,8,9), (1,2,3,4,6,7,9), (1,2,3,5,6,7,8)
33 (1,2,3,4,6,8,9), (1,2,3,5,6,7,9), (1,2,4,5,6,7,8)
34 (1,2,3,4,7,8,9), (1,2,3,5,6,8,9), (1,2,4,5,6,7,9), (1,3,4,5,6,7,8)
35 (1,2,3,5,7,8,9), (1,2,4,5,6,8,9), (1,3,4,5,6,7,9), (2,3,4,5,6,7,8)
36 (1,2,3,6,7,8,9), (1,2,4,5,7,8,9), (1,3,4,5,6,8,9), (2,3,4,5,6,7,9)
37 (1,2,4,6,7,8,9), (1,3,4,5,7,8,9), (2,3,4,5,6,8,9)
38 (1,2,5,6,7,8,9), (1,3,4,6,7,8,9), (2,3,4,5,7,8,9)
39 (1,3,5,6,7,8,9), (2,3,4,6,7,8,9)
40 (1,4,5,6,7,8,9), (2,3,5,6,7,8,9)
41 (2,4,5,6,7,8,9)
42 (3,4,5,6,7,8,9)

📋 Kakuro 8-Cell Combinations

Range: 36 – 44

Sum Octuplets
36 (1,2,3,4,5,6,7,8)
37 (1,2,3,4,5,6,7,9)
38 (1,2,3,4,5,6,8,9)
39 (1,2,3,4,5,7,8,9)
40 (1,2,3,4,6,7,8,9)
41 (1,2,3,5,6,7,8,9)
42 (1,2,4,5,6,7,8,9)
43 (1,3,4,5,6,7,8,9)
44 (2,3,4,5,6,7,8,9)

📋 Kakuro 9-Cell Combinations

Range: 45

Sum Nonuplet
45 (1,2,3,4,5,6,7,8,9)

✅ Final Tip

When solving Kakuro, always start with magic numbers and then eliminate impossibilities using cross constraints from intersecting runs. Bookmark this page for quick reference!

Nutshell Series

Fixing Azure Token Issuer Mismatch Error: “Primary Access Token is from the Wrong Issuer”

I recently ran into a frustrating Azure authentication error while working with ARM (Azure Resource Manager) APIs.
The error looked like this:

Cache-Control: no-cache
Pragma: no-cache
WWW-Authenticate: Bearer authorization_uri="https://login.windows.net/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", error="invalid_token", error_description="The primary access token is from the wrong issuer. It must match the tenant associated with this subscription. Please use correct authority to get the token."
x-ms-failure-cause: gateway
x-ms-request-id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

The Problem

The critical clue was:

The primary access token is from the wrong issuer. It must match the tenant associated with this subscription.

When I decoded the token using JWT.io, the iss (issuer) claim was:

f8cdef31-a31e-4b4a-93e4-5f571e91255

That GUID is the Microsoft Services tenant — it appears when you sign in with a personal Microsoft account (MSA).
My Azure subscription, however, was tied to a specific Azure Active Directory (AAD) tenant, so Azure rejected the token because the issuer didn’t match.

What Caused It

  • I logged in using a personal Microsoft account (MSA).
  • The subscription belonged to an Azure AD tenant (not the Microsoft Services tenant).
  • Using VisualStudioCodeCredential or DefaultAzureCredential still returned tokens from the wrong issuer because the underlying login session was wrong.

Solution — Steps to Fix

The fix is straightforward: log into the correct tenant, set the subscription, and use credentials that respect the CLI session.

1) Log in to the correct tenant

az login --tenant <your-tenant-id>

2) Set the subscription

az account set --subscription <your-subscription-id-or-name>

3) Use Azure CLI credentials in C#

Instead of DefaultAzureCredential, switch to AzureCliCredential and fetch the token directly (this uses the Azure CLI credentials stored during az login — so make sure you’re logged in from the terminal):

using Azure.Core;      // TokenRequestContext
using Azure.Identity;  // AzureCliCredential, DefaultAzureCredential

// var credential = new DefaultAzureCredential();
var credential = new AzureCliCredential();

string[] scopes = new[] { "https://management.azure.com/.default" };

var token = (await credential.GetTokenAsync(new TokenRequestContext(scopes))).Token;

// Optional alternative with explicit cancellation token
// token = (await credential.GetTokenAsync(new TokenRequestContext(scopes),
//     System.Threading.CancellationToken.None)).Token;

Note: This uses Azure CLI credentials stored during az login, so ensure you are logged in to the correct tenant and subscription in your terminal before running this code.

Key Takeaways

  • If your JWT iss claim is f8cdef31-a31e-4b4a-93e4-5f571e91255, you’re using a Microsoft Services tenant token (MSA) — it won’t work for subscriptions tied to an Azure AD tenant.
  • Fix the login by targeting the correct tenant with az login --tenant <tenant-id> and then set the subscription with az account set --subscription <subscription-id-or-name>.
  • Using AzureCliCredential in C# picks up tokens from your active Azure CLI session and helps avoid issuer mismatch issues.
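
The issuer check the post does by hand, as an added example (not code from the original post): it decodes the token payload locally and compares the tenant in iss/tid with the subscription's tenant. The tenant GUIDs and tokens are constructed samples, the function names are hypothetical, and the https://sts.windows.net/<tenant>/ issuer shape is an assumption about the ARM token being inspected.

```python
import base64
import binascii
import json
import re

GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def decode_claims(token):
    """Return the JWT payload claims WITHOUT verifying the signature.

    Diagnostic only: shows what the token says, not whether it is genuine.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected 3 dot-separated parts")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"payload is not base64url-encoded JSON: {exc}") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_issuer(token, subscription_tenant):
    """Compare the tenant in iss/tid with the subscription's tenant ID."""
    claims = decode_claims(token)
    iss = str(claims.get("iss", ""))
    found = GUID_RE.search(iss)
    iss_tenant = found.group(0).lower() if found else None
    tid = str(claims["tid"]).lower() if "tid" in claims else None
    expected = subscription_tenant.lower()

    problems = []
    if iss_tenant is None:
        problems.append("iss contains no tenant GUID")
    elif iss_tenant != expected:
        problems.append(f"iss tenant {iss_tenant} is not {expected}")
    if tid is not None and tid != expected:
        problems.append(f"tid {tid} is not {expected}")
    return {"iss": iss, "tid": tid, "aud": claims.get("aud"),
            "ok": not problems, "problems": problems}


def make_unsigned_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = b64({"alg": "none", "typ": "JWT"})
    return f"{header}.{b64(claims)}.constructed"


# Constructed values: neither GUID is a real tenant.
SUBSCRIPTION_TENANT = "11111111-2222-3333-4444-555555555555"
OTHER_TENANT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
ARM = "https://management.azure.com"

GOOD_TOKEN = make_unsigned_token({
    "iss": f"https://sts.windows.net/{SUBSCRIPTION_TENANT}/",
    "tid": SUBSCRIPTION_TENANT, "aud": ARM})
WRONG_ISSUER_TOKEN = make_unsigned_token({
    "iss": f"https://sts.windows.net/{OTHER_TENANT}/",
    "tid": OTHER_TENANT, "aud": ARM})

if __name__ == "__main__":
    for name, tok in [("good", GOOD_TOKEN), ("wrong issuer", WRONG_ISSUER_TOKEN)]:
        result = check_issuer(tok, SUBSCRIPTION_TENANT)
        print(name, "->", "OK" if result["ok"] else result["problems"])
```

The subscription's tenant ID to compare against can be read with az account show --query tenantId -o tsv.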

Nutshell Series

🔐 Azure AD App: Set Long-Term Secret (Two Easy Ways)

Need a long-lasting client secret for a non-production app? Here are two ways to create a secret that mimics no expiry — ideal for automation, CI/CD, or UAT setups.

✅ Option 1: Azure CLI

Use this for a quick and easy credential reset:

az ad app credential reset --id ********-****-****-****-************ --years 299 --append --display-name uat-automation-secret-longterm

  • --years 299: Secret valid for ~299 years
  • --append: Keeps existing secrets
  • --display-name: Helps identify the secret

🔄 Option 2: Microsoft Graph API (addPassword)

You can also use Microsoft Graph’s addPassword endpoint for full control.

POST Request

POST https://graph.microsoft.com/v1.0/applications/{app-id}/addPassword
Authorization: Bearer <token>
Content-Type: application/json

Request Body

{
  "passwordCredential": {
    "displayName": "uat-automation-secret-longterm",
    "endDateTime": "2324-07-17T23:59:59Z"
  }
}

Tip: endDateTime is an ISO 8601 timestamp in UTC. Set a far-future date (e.g., 299 years ahead) to mimic “no expiry”.

⚠️ Security Reminder

  • Use only in non-production scenarios
  • Store secrets in Key Vault, not in code
  • Prefer Managed Identity or Federated Credentials for production

Both methods are effective — choose the one that fits your environment or automation strategy.
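
A defender-side companion to the two options above, as an added example (not part of the original post or of any Microsoft tooling): it scans application objects for client secrets whose endDateTime outlives a policy limit, which is how a secret created with --years 299 shows up in an inventory. The 730-day limit, the function names and the sample data are assumptions; the input shape follows the passwordCredentials array of Graph application objects.

```python
import json
from datetime import datetime, timezone

# Hypothetical policy value: flag secrets valid for more than two years.
MAX_SECRET_DAYS = 730


def parse_graph_time(value):
    """Parse a Graph timestamp such as 2324-07-17T23:59:59Z (assumed UTC, 'Z')."""
    text = value.strip().rstrip("Z")
    if "." in text:  # Graph may return 7 fractional digits; datetime takes 6
        head, frac = text.split(".", 1)
        text = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def find_long_lived_secrets(apps, now, max_days=MAX_SECRET_DAYS):
    """Return one finding per client secret that outlives max_days.

    apps: list of application objects carrying appId, displayName and
    passwordCredentials (each with displayName, keyId, endDateTime).
    """
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            end = cred.get("endDateTime")
            days_left = None
            if end:
                days_left = (parse_graph_time(end) - now).days
                if days_left <= max_days:
                    continue  # expires within policy (or already expired)
            # Reaching here: lifetime exceeds policy, or no expiry recorded.
            findings.append({
                "app": app.get("displayName"),
                "appId": app.get("appId"),
                "secret": cred.get("displayName"),
                "keyId": cred.get("keyId"),
                "expires": end,
                "days_left": days_left,
            })
    # Longest-lived first; entries without an expiry sort to the top.
    findings.sort(key=lambda f: float("-inf") if f["days_left"] is None
                  else -f["days_left"])
    return findings


# Constructed sample inventory; only the first secret's displayName and
# endDateTime are taken from the request body shown in the post.
SAMPLE_APPS = json.loads("""
[
  {"appId": "00000000-0000-0000-0000-000000000001",
   "displayName": "uat-automation",
   "passwordCredentials": [
     {"displayName": "uat-automation-secret-longterm",
      "keyId": "00000000-0000-0000-0000-0000000000a1",
      "endDateTime": "2324-07-17T23:59:59Z"},
     {"displayName": "rotated-quarterly",
      "keyId": "00000000-0000-0000-0000-0000000000a2",
      "endDateTime": "2026-01-15T00:00:00.1234567Z"}]},
  {"appId": "00000000-0000-0000-0000-000000000002",
   "displayName": "deploy-bot",
   "passwordCredentials": [
     {"displayName": "deploy-2030",
      "keyId": "00000000-0000-0000-0000-0000000000b1",
      "endDateTime": "2030-01-01T00:00:00Z"}]},
  {"appId": "00000000-0000-0000-0000-000000000003",
   "displayName": "cert-only-app",
   "passwordCredentials": []}
]
""")
NOW = datetime(2025, 8, 1, tzinfo=timezone.utc)  # fixed "today" for the demo

if __name__ == "__main__":
    for f in find_long_lived_secrets(SAMPLE_APPS, NOW):
        print(f"{f['app']}: {f['secret']} expires {f['expires']} "
              f"({f['days_left']} days left)")
```

To run it against a tenant, load the JSON printed by az ad app list --all in place of SAMPLE_APPS and pass the current UTC time as now.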

Nutshell Series, Security

🔐 Common Security Testing Terminologies

| Term | Full Form | Purpose | Category |
| --- | --- | --- | --- |
| SAST | Static Application Security Testing | Analyzes code or binaries to find vulnerabilities before runtime. | Static |
| Secure Code Review | | Manual or automated inspection of code for security flaws. | Static |
| DAST | Dynamic Application Security Testing | Simulates attacks on a running application to find security issues. | Dynamic |
| Fuzzing | Fuzz Testing | Sends malformed or random data to discover crashes and bugs. | Dynamic |
| Pen Testing | Penetration Testing | Ethical hacking to uncover and exploit real-world vulnerabilities. | Dynamic |
| IAST | Interactive Application Security Testing | Combines SAST and DAST with real-time analysis via instrumentation. | Hybrid |
| RASP | Runtime Application Self-Protection | Monitors and protects applications in real-time during execution. | Hybrid |
| SCA | Software Composition Analysis | Identifies vulnerabilities in open-source and third-party components. | Component-based |
| VAPT | Vulnerability Assessment and Penetration Testing | Combines scanning and exploitation to assess security posture. | Operational |
| Threat Modeling | | Identifies and prioritizes threats early in the development lifecycle. | Operational |
| Bug Bounty | | Rewards external security researchers for responsibly reporting vulnerabilities. | Operational |

Nutshell Series, Security

🧾 SAST vs DAST Comparison

| Feature | SAST (Static Application Security Testing) | DAST (Dynamic Application Security Testing) |
| --- | --- | --- |
| Testing Type | White-box | Black-box |
| Access to Code | Required (analyzes source code or binaries) | Not required (tests from outside the app) |
| When Used | Early in SDLC (during coding/build phase) | Later in SDLC (during or after deployment) |
| What It Tests | Source code, bytecode, or binaries | Running application, web interfaces, APIs |
| Finds | Code-level issues (e.g., SQL injection, secrets) | Runtime issues (e.g., logic flaws, auth problems) |
| False Positives | Higher (due to theoretical analysis) | Lower (based on real execution) |
| Speed | Fast (no need to run the app) | Slower (requires deployed app and interactions) |
| Tool Examples | SonarQube, Checkmarx, Fortify | OWASP ZAP, Burp Suite, Acunetix |
| Language Dependency | Language-specific | Language-agnostic |
| Use Case | Secure code review, CI/CD integration | Real-world attack simulation, post-deployment testing |