Security

Envelope Encryption

How the CMK/DEK two-tier key structure in envelope encryption limits key leak impact and simplifies key rotation.

Encryption
Aes-256
Envelope-Encryption
Key-Management

Session Authentication and JWT

HTTP is stateless. Maintaining user authentication requires storing state somewhere. This post covers the structure, trade-offs, and storage strategies of server-side sessions and client-side JWT tokens.

Jwt
Session
Authentication
Access-Token
Refresh-Token
Cookie