Notes from the people who build it.
Posts on credential management, project tooling, distributed systems, audit trails, and the engineering tradeoffs behind Aegis and Aero.
Why we don't bundle credentials with project membership
Why SlateBeaver separates project membership from credential access, and how that design choice prevents common engineering security failures.
Read the post →
Recent posts
Text by SlateBeaver teams, not named stock-photo personas.
Preparing your access controls for a security audit
What auditors actually check in access control reviews, and how to prepare your engineering team without losing a full sprint.
The .env file is a love letter to the next incident
Why 'just commit a .env.example' is the most expensive piece of advice in modern software.
Building a server-side timer that survives lid-close
Most 'real-time' timers lie. Ours keeps counting while your laptop is closed, your tab is dead, and your network is gone.
How we made cycle-time reports update in real time
A Postgres trigger, a materialized view, and one CTE we're proud of. The whole real-time trick demystified.
What we changed in Aero v3 and what we didn't
The redesign was small on purpose. Speed mattered more than novelty. A short list of choices we made and one we walked back.
Earlier posts
When break-glass becomes break-window: a postmortem on JIT access UX
SlateBeaver Security · 11 min read
From Postgres LISTEN/NOTIFY to a 200k-connection WebSocket fanout
SlateBeaver Engineering · 14 min read
What ISO 27001 auditors actually look for in access control reviews
SlateBeaver Security · 13 min read
How we think about engineering team structure at SlateBeaver
SlateBeaver Engineering · 8 min read
Who publishes here