About this project
Command-line tool for auditing Azure infrastructure — tagging compliance, encryption posture, ARM template drift detection, cost analysis, and Azure Policy evaluation. Mock-client architecture enables CI-clean builds without live credentials. Table, JSON, and HTML output formats via lipgloss.
Background
The audit work I do across the Accent Group Azure estate is repetitive in the right way — the same questions need answering regularly: are resources tagged correctly, is encryption enabled everywhere it should be, have any ARM deployments drifted from their templates, where is spend concentrating? I was doing this manually across the portal and via ad-hoc Az CLI commands. infractl is the automation of that routine.
I chose Go because CLI tooling in Go produces a single binary with no runtime dependencies, which makes distribution across the team straightforward. Cobra gives you a consistent command structure with built-in help generation, and Viper handles config file and environment variable layering so the tool can be configured differently per environment. The lipgloss library from Charmbracelet lets you write terminal output that looks deliberate rather than like raw text.
The interface-driven AzureClient design was a specific decision driven by CI. If the Azure SDK calls are behind an interface, you can swap in a MockClient that returns pre-defined fixture data for testing — the build pipeline passes without any Azure credentials present. That pattern makes the tool safe to develop and test in isolation, and keeps the CI green regardless of credential availability.
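The interface pattern described above, as an added Go example that is not infractl's own code: the `Resource` and `Finding` shapes, the `ListResources` method, the two checks and their severities are assumptions for illustration. The mock can also inject an API error, so the test suite can confirm that an unreadable estate produces an error rather than an empty, clean-looking report.

```go
package main

import "fmt"

// Resource is a simplified record (hypothetical shape, not an Azure SDK type).
type Resource struct {
	ID        string
	Tags      map[string]string
	Encrypted bool
}

// AzureClient is the seam between audit logic and the cloud API.
type AzureClient interface{ ListResources() ([]Resource, error) }

// MockClient returns fixture data, or Err to simulate an API failure.
type MockClient struct {
	Fixtures []Resource
	Err      error
}
func (m MockClient) ListResources() ([]Resource, error) { return m.Fixtures, m.Err }

type Finding struct{ Severity, ResourceID, Message string }

// Audit runs encryption and tagging checks; the severities are assumed here.
func Audit(c AzureClient, requiredTags []string) ([]Finding, error) {
	res, err := c.ListResources()
	if err != nil { // fail closed: an unreadable estate must not report as clean
		return nil, fmt.Errorf("list resources: %w", err)
	}
	var out []Finding
	for _, r := range res {
		if !r.Encrypted {
			out = append(out, Finding{"CRITICAL", r.ID, "encryption disabled"})
		}
		for _, t := range requiredTags {
			if r.Tags[t] == "" {
				out = append(out, Finding{"LOW", r.ID, "missing tag " + t})
			}
		}
	}
	return out, nil
}

func main() {
	mock := MockClient{Fixtures: []Resource{ // constructed fixtures
		{ID: "vm-01", Tags: map[string]string{"owner": "ops", "env": "prod"}, Encrypted: true},
		{ID: "sa-02", Tags: map[string]string{"owner": "data"}, Encrypted: false},
	}}
	fmt.Println(Audit(mock, []string{"owner", "env"}))
}
```

A client backed by the real Azure SDK would satisfy the same interface, so `Audit` is exercised identically in CI and against a live subscription.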
The five audit checks (tagging, encryption, networking, identity, backup) are all aligned to CIS Benchmark controls, which means the output maps directly to the frameworks we reference in security assessments. Output in table format works for interactive use; JSON output feeds into downstream automation and reporting pipelines; HTML generates a report you can attach to a change advisory board submission.
Highlights
- Five audit checks: tagging, encryption, networking, identity, backup — all CIS-benchmark aligned
- ARM template drift detection by parsing JSON and diffing against mock live state
- lipgloss colourised table output with severity-coded findings (CRITICAL → LOW)
- Interface-driven AzureClient with MockClient for zero-credential CI builds
- Multi-format output: table (default), JSON, HTML report