encryption
Loading Secrets at Runtime Without Leaking Them: config(), the Keystore, and run
Part 3 of 3 on @faizahmed/secret-keystore . Part 1 was the threat model; Part 2 was the CLI. This part is how your app reads secre…
#aws
8 posts RSS
encryption
Encrypt Your .env with One Command: The secret-keystore CLI
Part 2 of 3 on @faizahmed/secret-keystore . Part 1 covered the threat model; this part is pure hands-on. By the end you'll have an…
encryption
Your .env Is a Loaded Gun: A Saner Threat Model for Node.js Secrets
Part 1 of 3 in a deep-dive on @faizahmed/secret-keystore . New here? Start with the Complete Guide. For the original incident writ…
encryption
Encrypted .env for Node.js with AWS KMS: The Complete Guide
A year ago I would have told you a .env file was fine. Then we patched a CVSS 10.0 RCE in Next.js (CVE-2025-66478) and spent the n…
Stop Putting Secrets in process.env: Encrypt Env Vars with AWS KMS
This post starts with the production problem we hit in late 2025, the critical security vulnerability in React Server Components a…
scaling-javascript-nodejs
Your Node.js AWS SDK v3 App Will Crash in Production Without This maxSockets Fix
Everything was fine until it wasn’t. Our Node.js app, powered by AWS SDK v3, started freezing during peak traffic. Requests to S3…
A Practical Guide to AWS API Gateway
This guide walks you through everything from routing and stage management to Lambda proxies, VPC links, and CORS. What Is AWS API…
vcw
MicroVM: Navigating Firecracker & Firectl
Firecracker is an open-source virtualization technology developed by Amazon Web Services (AWS). It is designed to enable customers…