Loading Secrets at Runtime Without Leaking Them: config(), the Keystore, and run
Part 3 of 3 on @faizahmed/secret-keystore. Part 1 was the threat model; Part 2 was the CLI. This part is how your app reads secre…
Part 2 of 3 on @faizahmed/secret-keystore. Part 1 covered the threat model; this part is pure hands-on. By the end you'll have an…
Part 1 of 3 in a deep-dive on @faizahmed/secret-keystore. New here? Start with the Complete Guide. For the original incident writ…
A year ago I would have told you a .env file was fine. Then we patched a CVSS 10.0 RCE in Next.js (CVE-2025-66478) and spent the n…
This post starts with the production problem we hit in late 2025, the critical security vulnerability in React Server Components a…
Are JWTs safe? Should you switch to PASETO? Is session-based auth outdated? In this guide, we’ll compare modern token systems in d…
In this post, we’ll explore what replay attacks are, how JWS and JWE differ, and how to generate + validate session fingerprints u…