Secrets Management
HashiCorp Vault-based access models, service secrets, Kubernetes authentication, AppRole, and LDAP integrations. Ownership-based access where teams and services are the unit of trust — not individual people.
I build infrastructure and security platforms around secrets management, PKI/TLS automation, Kubernetes, and Go backend systems.
Focused on reducing operational risk, automating certificate lifecycle management, and building reliable internal platforms for engineering organizations.
Four overlapping disciplines. The common thread is reducing operational risk and making security mechanisms practical for the engineers who depend on them. Each entry below documents what I treat as the interface to that area.
HashiCorp Vault-based access models, service secrets, Kubernetes authentication, AppRole, and LDAP integrations. Ownership-based access where teams and services are the unit of trust — not individual people.
Certificate lifecycle automation, internal CA integrations, service identity, renewal flows, and production-grade TLS operations. Short-lived certificates as a forcing function for healthy operations.
Platform integrations for Kubernetes-based environments, service authentication, automation workflows, and infrastructure reliability. Designed so workloads inherit identity and secrets without bespoke wiring.
Backend services, internal developer platforms, and security automation tools. Boring, observable, low-blast-radius services that the rest of the platform can quietly depend on.
Published articles with source attribution and English adaptations on infrastructure security, PKI/TLS automation, secrets management, and backend platform engineering.
How to automate TLS certificate management across thousands of services, reduce operational risk, and make PKI part of service lifecycle management.
Why Kubernetes Secrets alone are not enough for enterprise secrets and certificate management, and how ownership, Vault, PKI automation, and least privilege reduce operational risk.
Listed articles include a source URL when they were published externally. English adaptations are edited for an English-speaking engineering audience.
I am a backend and security platform engineer focused on infrastructure systems that make engineering organizations safer and more reliable.
My work sits at the intersection of backend development, platform engineering, secrets management, PKI/TLS automation, Kubernetes infrastructure, and internal security tooling.
I am especially interested in systems that reduce manual operational work, improve service ownership, and make security mechanisms practical for engineering teams.
I am open to senior backend, infrastructure, platform, and security engineering roles focused on internal platforms, infrastructure security, PKI, secrets management, and backend systems.