Security

Secure your infrastructure and applications. TLS certificates, OAuth 2.0 flows, firewall rules, zero trust architecture, and vulnerability management for production systems.

30 articles

Sealed Secrets vs External Secrets Operator vs SOPS

Three GitOps secret patterns for Kubernetes. Sealed Secrets for pure GitOps, ESO for upstream-store sync, SOPS for Helm-heavy workflows. Decision matrix.

11 min read

AWS Secrets Manager Alternatives: 8 Tools Compared (2026)

Eight realistic alternatives: Vault for dynamic, Doppler for DX, Infisical for OSS, Parameter Store for free tier. Migration effort and decision matrix.

11 min read

AWS WAF vs AWS Network Firewall: Which One Do You Actually Need?

A detailed comparison of AWS WAF and AWS Network Firewall covering Layer 7 vs Layers 3-7 inspection, pricing, Terraform deployment examples, and a decision framework for choosing the right service.

13 min read

JWT vs Session Tokens: Authentication Trade-offs Explained

An honest comparison of JWT and session token authentication. Covers JWT structure, signing algorithms (RS256 vs HS256), common vulnerabilities, the revocation problem, and when each approach is the right choice for your architecture.

13 min read

Software Supply Chain Security: SBOMs, Sigstore & Dependency Scanning

Anatomy of supply chain attacks (xz-utils, SolarWinds, event-stream), SBOM generation with Syft and Trivy, Sigstore keyless signing, dependency scanning tools compared, and the SLSA framework.

13 min read

Passkeys Explained: How WebAuthn Is Replacing Passwords

Passkeys use FIDO2/WebAuthn public-key cryptography to eliminate passwords entirely. Learn how they work, how to implement them, and how to handle device loss with synced passkeys.

12 min read

AWS Secrets Manager vs HashiCorp Vault (2026): The Full Comparison

AWS Secrets Manager is a secret store; Vault is a secrets service. Full head-to-head on pricing at three scales, rotation vs dynamic secrets, auth methods, Kubernetes integration, and migration paths — with the decision table I use before writing any config.

18 min read

Certificate Management at Scale: Let's Encrypt, ACME, and cert-manager

Automate TLS certificates with Let's Encrypt, ACME protocol, and cert-manager in Kubernetes. Covers HTTP-01, DNS-01, wildcards, private CAs, and expiry monitoring.

10 min read

SSRF Attacks: What They Are and Why Cloud Environments Make Them Dangerous

SSRF lets attackers reach internal services through your server. Learn how cloud metadata endpoints amplify the risk and how to defend against SSRF.

10 min read
