
Ship secure by removing footguns
We paved a happy path: branch deploys spin up with temporary IAM, secrets are short-lived, and developers never see production tokens.
PREVIEW_TOKEN="$(openssl rand -hex 24)"   # generated once in the shell, never printed or written to disk
gh secret set PREVIEW_TOKEN --body "$PREVIEW_TOKEN" -R org/app
railway variables set PREVIEW_TOKEN="$PREVIEW_TOKEN"
Defaults we enforce
- OIDC-backed GitHub runners with per-PR IAM roles
- Service mesh sidecars for identity + mTLS inside the cluster
- SBOM + vuln gates hooked into artifact promotion
Outcome
Mean time-to-ship stayed under 2 days while shrinking blast radius.
Security UX patterns
- Pre-flight checks surface policies before deploy, not after
- CLI helpers wrap short-lived creds so engineers never see secrets
- Security scorecard in PR template with auto-filled evidence
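As an added example (not the page's own tooling), here is the kind of pre-flight check the two lists above describe: a lint over the IAM trust policy behind a per-PR OIDC role, run before deploy so a wildcard subject is caught as a finding rather than discovered after the fact. The helper names, the 000000000000 account id and the org/app repo are placeholders; the claim names are GitHub's standard OIDC claims as used in AWS trust policies.

```python
# GitHub's OIDC issuer and the audience AWS expects; both are standard claim names.
ISSUER = "token.actions.githubusercontent.com"
EXPECTED_AUD = "sts.amazonaws.com"

def trust_policy_findings(policy: dict, repo: str) -> list[str]:
    """Pre-flight lint (hypothetical helper): pass only if every
    AssumeRoleWithWebIdentity statement pins the audience and limits sub to
    pull_request runs of `repo`. An empty list of findings means pass."""
    findings = []
    want_sub = f"repo:{repo}:pull_request"
    for stmt in policy.get("Statement", []):
        if stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        cond = stmt.get("Condition", {})
        equals = cond.get("StringEquals", {})
        like = cond.get("StringLike", {})
        aud = equals.get(f"{ISSUER}:aud")
        if aud != EXPECTED_AUD:
            findings.append(f"aud not pinned to {EXPECTED_AUD} (got {aud!r})")
        sub = equals.get(f"{ISSUER}:sub", like.get(f"{ISSUER}:sub"))
        if sub is None:
            findings.append("no sub condition: any GitHub repo can assume this role")
            continue
        for pattern in (sub if isinstance(sub, list) else [sub]):
            if pattern == want_sub:
                continue  # exactly the PR subject for this repo
            if not pattern.startswith(f"repo:{repo}:"):
                findings.append(f"sub {pattern!r} is not scoped to {repo}")
            else:
                findings.append(f"sub {pattern!r} admits non-PR runs (branches, tags, dispatch)")
    return findings

def trust_policy(sub_operator: str, sub_value: str) -> dict:
    """Build a trust policy around one sub condition; the account id is a placeholder."""
    cond = {"StringEquals": {f"{ISSUER}:aud": EXPECTED_AUD}}
    cond.setdefault(sub_operator, {})[f"{ISSUER}:sub"] = sub_value
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::000000000000:oidc-provider/{ISSUER}"},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": cond}]}

# Constructed policies: an org-wide wildcard (weak) beside the single PR subject (hardened).
WEAK = trust_policy("StringLike", "repo:org/*")
HARDENED = trust_policy("StringEquals", "repo:org/app:pull_request")

if __name__ == "__main__":
    print("weak:", trust_policy_findings(WEAK, "org/app"))
    print("hardened:", trust_policy_findings(HARDENED, "org/app"))
```

Wiring the check into the PR workflow lets the finding text land in the security scorecard as evidence, which is what keeps the policy review ahead of the deploy.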
Key takeaways
- Ephemeral everything
- Short-lived secrets
- Paved roads


