In the fast-paced world of continuous integration and deployment (CI/CD), managing sensitive information like API keys, tokens, and credentials—collectively known as secrets—is not just a best practice; it's a critical foundation for security and efficiency. GitHub Actions provides a robust framework for automating workflows, but a common friction point for many development teams, particularly tho
The Challenge of Scalable Secrets Management in GitHub Actions For development teams scaling beyond a handful of repositories, managing environment-specific variables and secrets in GitHub Actions can quickly become a significant bottleneck. The manual duplication of configurations across multiple repos, especially when dealing with distinct environments like development, staging, and production
I got tired of the same three-step content publish loop: write draft → open CMS → paste, format, re-paste, fight the rich-text editor, click publish. Repeat for every environment — staging, then production. For one article, fine. For a team publishing 20+ pieces a month? That workflow is a quiet tax on everyone's time. So I wired up a pipeline that cuts the loop entirely. You commit a .md file to
It started at midnight I had 24 hours, a free Replit subscription, and an idea: what if I could build something like Miro — but actually understand every line of code in it? The core problem I had to solve first Multiplayer sync sounds simple until you actually build it. The hard part isn't sending a canvas update — it's figuring out what to send. canvas.on('object:modified', (e) => { socket.emi
Most teams I have worked with have one auth test in their suite. It looks like this: test('valid token verifies', () => { const token = signSync({ sub: 'user-1', aud: 'api://backend' }, secret); const result = verify(token, options); expect(result.valid).toBe(true); }); That test is fine. It is also a smoke test, not a regression suite. It catches the case where verification is completely b
FutureMe has 15 million letters in its database. They've been there since 2002. Some of them will be there in 2050. Evengood will have zero. This week I shipped The Quiet Letter — a feature where you write to your future self today, we email it on a date you pick, and we hard-delete the row from our database within 24 hours of sending it. The email is the only artifact. We don't keep a copy. Every
It was around 1am and I had three feeds open. X on my phone, Reddit on one monitor, Hacker News on the other. I was reading about a plane crash, a new AI model, and a meme war about whether oat milk counts as milk. And I realised I had no idea what the internet was actually feeling about any of it. The feeds told me what was happening. They didn't tell me how it felt. That's when the idea hit me.
I write a lot of READMEs. I ship faster than I document. I work with AI agents that write code in seconds and READMEs in minutes, and somewhere between the first commit and the third refactor, the README I wrote on Tuesday stops matching the code I wrote on Friday. The install command says npm start. The package.json defines start:prod. Anyone copying that command would have failed instantly. I'd