Loading Secrets at Runtime Without Leaking Them: config(), the Keystore, and run
Part 3 of 3 on @faizahmed/secret-keystore. Part 1 was the threat model; Part 2 was the CLI. This part is how your app reads secre…
Part 2 of 3 on @faizahmed/secret-keystore. Part 1 covered the threat model; this part is pure hands-on. By the end you'll have an…
Part 1 of 3 in a deep-dive on @faizahmed/secret-keystore. New here? Start with the Complete Guide. For the original incident writ…
A year ago I would have told you a .env file was fine. Then we patched a CVSS 10.0 RCE in Next.js (CVE-2025-66478) and spent the n…
This post starts with the production problem we hit in late 2025, the critical security vulnerability in React Server Components a…
In this post, we’ll explore what replay attacks are, how JWS and JWE differ, and how to generate + validate session fingerprints u…
🧠 What is JWT? JWT (JSON Web Token) is a compact, URL-safe token format used to transmit claims securely between parties. It’s th…