- engineering 21
- agents 14
- claude-code 12
- rag 10
- memory 7
- architecture 6
- operations 5
- migration 4
- security 4
- hooks 3
- vault 3
- durability 2
- honest-tradeoffs 2
- multi-agent 2
- query-planner 2
- queues 2
- self-hosting 2
- skills 2
- storage 2
- transactions 2
- afk 1
- chunking 1
- compliance 1
- concurrency 1
- context-engineering 1
- cost 1
- cost-tracking 1
- data 1
- decision-frameworks 1
- disaster-recovery 1
- evals 1
- firebase 1
- hardware 1
- incident 1
- intro 1
- isolation 1
- kubernetes 1
- learning 1
- manifesto 1
- mcp 1
- mongodb 1
- observability 1
- ops 1
- performance 1
- persistence 1
- pgvector 1
- postgres 1
- regression-testing 1
- sagas 1
- sdk 1
- search 1
- slash-commands 1
- stride 1
- threat-model 1
- tutorial 1
- vector 1
- wal 1
- MAY 2026
Threat model: what RedDB protects against (and what it doesn't)
An honest STRIDE walkthrough of the RedDB engine and vault. What the database protects against (cold-storage breach, replicated-secret leakage, key compromise during rotation) and what it does not (compromised application process, host-level side channels, malicious operator). Gaps are named, not hidden.
-
Per-row encryption with zero-downtime key rotation
How the vault keeps reads hot during rotation, and the one knob you should never touch in production.
-
BYOK, KMS, and the boring parts of multi-tenant secrets
AWS KMS, GCP KMS, and HSM integration for RedDB — plus the three failure modes nobody writes about until they happen at 03:00.