Sensitive Data Encryption — Module Design and Migration Retrospective

A retrospective on column-level encryption of sensitive data in a running service. Envelope encryption, DEK granularity decisions, the WHERE clause constraint that led to HMAC, and the migration automation Skill that spread the work across the org.

January 15, 2026 · 5 min read

Security Groups and NACLs

How Security Groups (stateful, per-instance) and NACLs (stateless, per-subnet) form different layers of defense in a VPC, plus the common pitfalls each surfaces.

November 1, 2025 · 5 min read