Security
Using Bitwarden Secrets Manager with Kubernetes
Lessons Learned
Managing secrets in Kubernetes is one of those topics that looks simple at first and slowly becomes more opinionated the deeper you go. Over time, tooling choices start to matter less in theory and much more in day-to-day operations. Recently, I...
Run NGINX Securely in Kubernetes
Why You Should Stop Using the Default Image
When deploying NGINX in Kubernetes, many teams still use the default nginx image from Docker Hub. It’s what most quick-start examples show, so it feels natural. But there’s a hidden problem: that image runs as root by default. That might not sound...
From Observability to Action: Using Falco for Kubernetes Threat Detection
Learn how to integrate Falco into your cluster for real-time alerts, custom rules, and enhanced runtime security.
Modern cloud-native environments built on Kubernetes offer unprecedented flexibility and scalability, but with this power comes a new set of security challenges. Containers are ephemeral, workloads are dynamic, and threats can appear and disappear...
EntraWatch
Internal observability and governance tool for Azure Entra ID, built to monitor identity hygiene, credential expiry, and tenant-level compliance signals. Design and development of EntraWatch, an internal cloud-native tool for monitoring and...
kubecertmetrics
Lightweight Prometheus exporter and CLI tool for monitoring TLS certificate expiration across Kubernetes workloads and infrastructure. Designed and implemented a production-ready monitoring tool to detect and alert on expiring TLS certificates. The...
TI-Messenger (Product Platform)
Production-grade platform for secure, scalable, and interoperable real-time communication within Germany’s Telematikinfrastruktur. Operation and continuous development of a TI-Messenger (TIM) product platform built on top of the gematik reference...
TIMRef (TI-Messenger Referenzimplementierung)
Kubernetes-based reference platform for secure, interoperable real-time communication in Germany’s Telematikinfrastruktur (gematik). Design, implementation, and operation of highly available Kubernetes clusters forming the core platform...


