On building software and the decisions behind it
Note (2026): This was written while I was actively working with Vault. My current stack leans more toward AWS-native solutions (KMS, Secrets Manager, IAM), but the core concepts here—separating secrets from code and treating encryption as a service—still apply.
In my last post, I discussed using the Spring Encryption project to encrypt sensitive data in our application.… Read more
Moving from a legacy in-house framework to an open standard like SpringBoot has been extremely satisfying. However, being part of a large organization sometimes one doesn’t get the exposure to how things are done, case in point mTLS. Another group is responsible for the solution that’s used by others and exposed through a common library.… Read more