Vault encryption, an upgrade

Note (2026): This was written while I was actively working with Vault. My current stack leans more toward AWS-native solutions (KMS, Secrets Manager, IAM), but the core concepts here—separating secrets from code and treating encryption as a service—still apply.

In my last post, I discussed using the Spring Encryption project to encrypt sensitive data in our application.…

Moving JWT from headers to cookies

One thing that’s been nagging me as we build out our framework is how we’re handling JWTs. Right now, we’re doing what most applications do. The token comes back after authentication and gets sent on every request in the header:

GET http://localhost:8080/someprotectedendpoint
Authorization: Bearer <jwt token>

This works exactly as expected.…

Cognito to rule them all?

After writing custom code to handle signing up users, sending emails, and supporting multi-factor authentication, I looked into alternatives. Why? As a startup you have to be scrappy. Use what's free, and build your own solutions for the platform pieces that cost too much for where you're at. Eventually, you will grow out of this and will need to look at alternatives.…

MFA (Take Two)

It's been a while since I've written a post. I've been heads down working on the platform, thinking more about use cases, revising code and introducing a basic React client. If I haven't mentioned it already, I love IntelliJ. It's my tool of choice and I have been using it for years. Every time they make a release they introduce something cool that is helpful.…

Multi Factor Authentication

Multi-factor authentication has become ubiquitous in web applications. If you work in financial services it's even a legal requirement in some states. I believe most of us working professionals agree that enhanced security for our customers is a good thing. While we have already tackled broader approaches, such as encryption and server hardening, we also want to cover more fine-grained approaches that affect an individual user's experience.…

Account Verification

Once a user signs up for service on our site we want some type of verification system in place to help ensure they are a real user. Quite often this is done by sending an email containing an account verification link, which allows the prospective user to finalize their account creation.…

Authentication and Authorization

We've all most likely seen the boilerplate code for managing users in Spring. This post really won't be that much different, so feel free to skip it if you are already familiar. We will be building on this code, so if a subsequent post throws you for a loop, please come back here.…