All Articles
- The Problem Was Never Storing the Secret - why team secrets need operational context, history, and workspace ownership, not just a password record.
- Workspace-Based Access Control Without RBAC Hell - the workspace-first access model and explicit secret permissions.
- Building a Secret-Aware Rich Text Editor with Tiptap - references, hash detection, and access-aware rendering.
- Immutable Secret Rotation in Practice - rotation as a new record, not mutation in place.
- Per-Secret Encryption Keys with Google Cloud KMS - AES-256-GCM, per-secret DEKs, KMS wrapping, and AAD.
- Designing Audit Logs for Sensitive Systems - append-only audit events without plaintext secrets.
- Lightweight Device Sessions Without Stateful Auth - visibility around devices while JWT remains the source of truth.
- Why Vault Uses UI Locking Instead of Client-Side Encryption - the master password as a local UI gate, not backend authorization.