A log of progress for the week of September 1, 2025.
With a solid authentication system in place from week one, the focus shifted to hardening the application’s core. This week was all about security and automation—specifically, ensuring user data is completely isolated and building a reliable pipeline for database changes. It was time to build the vault.
Fortifying Data Security
The first priority was locking down data access. A critical security feature was implemented to enforce strict tenant data isolation. This uses an owner_id check on every database query, guaranteeing that users can only ever access their own information.
Alongside this, I moved the database credentials out of the application’s configuration and into AWS Secrets Manager. This is a crucial best practice that prevents sensitive credentials from being exposed in code or environment variables, adding another layer of security to the infrastructure.
Automating Database Migrations
Manually managing database schema changes is risky and error-prone. To solve this, I began building an automated migration pipeline using AWS CodeBuild. The foundation was laid for a system that can run database changes automatically and securely. Key steps included:
- Configuring node-pg-migrate as the framework to define and run schema changes in code.
- Setting up VPC endpoints to allow CodeBuild to access the database privately and securely, without traversing the public internet.
- Enforcing TLS by setting sslmode=require, ensuring the connection to the database is always encrypted.
By the end of the week, the application was significantly more secure, with robust data isolation and the foundations of a professional-grade, automated deployment pipeline.