A Smart Approach to Managing Sensitive Credentials in Rails with Sekrets

Eliminated hardcoded credentials in a Rails app by adopting the Sekrets gem with encrypted YAML and secure runtime access—reducing exposure risk to near-zero without refactoring the application architecture or adding cost.

Kubernetes Secrets Management at Scale with External Secrets Operator

Centralized, secure secrets delivery from AWS Secrets Manager to EKS using IRSA

Implemented a secure, scalable secrets management architecture using External Secrets Operator to sync credentials from AWS Secrets Manager into Kubernetes—eliminating hardcoded secrets, enabling automatic rotation, and providing namespace-level isolation with IAM Roles for Service Accounts (IRSA).

Multi-tenant “Prefix” Kubernetes Environment Automation

Idempotent provisioning for AWS/EKS with EFS, ALB, Route53, CloudFront, SSM, and Jenkins

End‑to‑end, idempotent(ish) provisioning for a multi-tenant staging prefix on AWS/EKS, wiring EFS, security groups, ALB + Route53, S3, CloudFront, SSM parameters, Docker volumes, and Jenkins jobs—then deploying core services via repeatable scripts.

Ephemeral PR Preview Environments with Pulumi & GitHub Actions

On-demand isolated environments for every pull request with automatic cleanup

Automated infrastructure provisioning that spins up complete, isolated Kubernetes environments for every pull request—enabling faster code reviews, QA validation, and stakeholder demos—then tears everything down on PR close.

Compliance as Code for AWS at Scale

Automated evidence with Prowler and Scout Suite in Jenkins

Codified compliance checks using Prowler and Scout Suite, scheduled and on‑demand, with artifacts published to S3 and announcements to Slack—creating durable evidence for audits and shortening security feedback loops.

On‑Demand Production MongoDB Clones for Testing (and DR)

Date‑targeted restore, validation, and safe teardown on AWS via Jenkins

Automated pipelines to clone production MongoDB from a chosen snapshot date for test environments—then validate and safely terminate when done. The same workflow doubles as a DR drill, cutting manual effort and time to a clean, usable dataset.

Standardized CI/CD for Node.js + Vite Apps on EKS

Reusable GitHub Actions + Helm template for backend APIs and SPAs

Implemented a boilerplate repository for new applications (greenfield). Teams click "Use this template" to create a repo, drop their backend in `server/` and frontend in `client/`, and deploy to EKS via GitHub Actions + GHCR + a single Helm chart—cutting time-to-deploy from hours to minutes and reducing boilerplate by up to 90%.

Transforming AWS Access Management: Seamless SSO with Okta

Centralized access via AWS IAM Identity Center with group‑based RBAC and automated provisioning

Implemented Okta as the identity provider for AWS IAM Identity Center with group‑based permission sets, automated provisioning/deprovisioning, and audited SSO—reducing access friction, tightening compliance, and cutting manual IAM operations.

Streamlining AWS Security with Jenkins and Scout Suite Automation

Automated security auditing and reporting for global SaaS platform

Automated AWS security auditing using Jenkins and Scout Suite for global SaaS platform, reducing manual effort by 100% and providing real-time vulnerability insights through web-accessible reports.