Posts

Hardcoded credentials in your repository are a security incident waiting to happen. One leaked .env file, one accidental commit, and your database is exposed to the internet. Let’s do secrets properly. The Basics What’s a Secret? Anything that grants access: Database passwords API keys OAuth tokens TLS certificates SSH keys Encryption keys Where Secrets Don’t Belong 1 2 3 # ❌ Never do this DATABASE_URL = "postgres://admin:supersecret123@db.prod.internal/myapp" AWS_SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" Also bad: .env files committed to git Docker image layers CI/CD logs Chat messages Wikis or documentation Secret Storage Options Environment Variables Simple, but limited: ...

When your application runs on 50 containers across 10 servers, SSH’ing into each one to grep logs doesn’t scale. Centralized logging gives you one place to search everything. The Log Aggregation Pipeline A p p s f s l t i y i d l s c ↓ o e l a u s o t t g i o n s → F L V C l o e o u g c l e s t l n t o e ↓ t a r c d s t h o r s → E L S S l o 3 t a k o s i r ↓ t a i g c e s e → a r S c e h a r c K G C h i r L / ↓ b a I V a f i n a s a n u a a l i z a t i o n Stack Options ELK (Elasticsearch, Logstash, Kibana) The classic choice. Powerful but resource-hungry. ...

When production is on fire, you need a process—not panic. A good incident response framework gets you from “everything’s broken” to “everything’s fixed” with minimal chaos. Incident Lifecycle D e t e c t i o n → T r i a g e → R e s p o n s e → R e s o l u t i o n → P o s t m o r t e m Each phase has specific goals and actions. ...

Nothing ruins a morning like discovering your certificate expired overnight and customers are seeing security warnings. Let’s prevent that. Certificate Basics What You Actually Need A certificate contains: Your domain name(s) Your public key Certificate Authority’s signature Expiration date 1 2 3 4 5 # View certificate details openssl x509 -in cert.pem -text -noout # Check what's actually served openssl s_client -connect example.com:443 -servername example.com | openssl x509 -text -noout Certificate Types DV (Domain Validation): Proves you control the domain. Cheapest, fastest. ...

Your Git workflow affects how fast you ship, how often you break things, and how much your team fights over merge conflicts. Choose wisely. The Contenders Git Flow The traditional branching model with long-lived branches: m a i └ n ─ ─ ( p d r e o v ├ ├ └ d e ─ ─ ─ u l ─ ─ ─ c o t p f f r i e e e o ( a a l └ n i t t e ─ ) n u u a ─ t r r s e e e e h g / / / o r u p 2 t a s a . f t e y 0 i i r m x o - e / n a n c ) u t r t - i h s t y i s c t a e l m - b u g How it works: ...

Bad monitoring means missing real problems. Bad alerting means 3 AM pages for things that don’t matter. Let’s do both right. What to Monitor The Four Golden Signals From Google’s SRE book — if you monitor nothing else, monitor these: 1. Latency: How long requests take 1 2 3 4 # p95 latency over 5 minutes histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket[5m])) by (le) ) 2. Traffic: Request volume 1 2 # Requests per second sum(rate(http_requests_total[5m])) 3. Errors: Failure rate ...

Adding an LLM to your application is easy. Making it reliable enough for production is another story. API timeouts, rate limits, hallucinations, and surprise $500 invoices await the unprepared. Here’s how to build LLM features that actually work. The Basics: Robust API Calls Never call an LLM API without proper error handling: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 import anthropic from tenacity import retry, stop_after_attempt, wait_exponential import time client = anthropic.Anthropic() @retry( stop=stop_after_attempt(3), wait=wait_exponential(multiplier=1, min=2, max=30), reraise=True ) def call_llm(prompt: str, max_tokens: int = 1024) -> str: try: response = client.messages.create( model="claude-sonnet-4-20250514", max_tokens=max_tokens, messages=[{"role": "user", "content": prompt}] ) return response.content[0].text except anthropic.RateLimitError: time.sleep(60) # Back off on rate limits raise except anthropic.APIStatusError as e: if e.status_code >= 500: raise # Retry on server errors raise # Don't retry on client errors (4xx) Timeouts Are Non-Negotiable LLM calls can hang. Always set timeouts: ...

Database migrations are the scariest part of deployments. Get them wrong and you’re looking at downtime, data loss, or a 3 AM incident call. Here’s how to migrate safely. The Problem Naive migrations cause problems: 1 2 3 4 5 6 -- This locks the entire table ALTER TABLE users ADD COLUMN phone VARCHAR(20) NOT NULL; -- 10 million rows, exclusive lock held for minutes -- Application queries queue up -- Users see errors Safe Migration Patterns Adding Columns Bad: Adding NOT NULL column without default ...

A good CI/CD pipeline catches bugs early, deploys reliably, and gets out of your way. A bad one is slow, flaky, and becomes the team’s bottleneck. Let’s build a good one. Pipeline Stages A typical pipeline flows through these stages: C o m m i t → B u i l d → T e s t → S e c u r i t y S c a n → D e p l o y S t a g i n g → D e p l o y P r o d Each stage gates the next. Fail early, fail fast. ...

Clicking through cloud consoles doesn’t scale. Infrastructure as Code (IaC) lets you version, review, and automate your infrastructure just like application code. Terraform has become the de facto standard. Here’s how to use it effectively. The Basics Terraform uses HCL (HashiCorp Configuration Language) to declare resources: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 # main.tf terraform { required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } } } provider "aws" { region = "us-east-1" } resource "aws_instance" "web" { ami = "ami-0c55b159cbfafe1f0" instance_type = "t3.micro" tags = { Name = "web-server" } } 1 2 3 4 terraform init # Download providers terraform plan # Preview changes terraform apply # Create resources terraform destroy # Tear down everything State Management Terraform tracks what it created in a state file. Never lose this file. ...