Decisions
Engineering decisions, with their costs
Every significant decision is recorded the same way: the context, the choice, and — honestly — what it gained and what it gave up. This index grows as decisions are documented.
Application-level PII encryption over database-only encryption
A secure healthcare platform handled highly sensitive personal data under strict privacy and compliance requirements. Database-level encryption alone leaves plaintext exposed to anything with database access.
Encrypt multiple categories of PII at the application layer, and use envelope encryption to separate the encrypted data from the encryption keys. Data access followed the principle of least privilege.
- Defense in depth beyond the database boundary
- Key/data separation and a stronger key-management posture via envelope encryption
- Compliance and auditability posture appropriate to healthcare PII
- Added implementation complexity
- Encrypted fields cannot be queried by normal equality — deterministic hashing was needed for secure lookups
- Security requirements propagated into API design, data modeling, validation, and logging
Security must be part of the architecture from the start — it cannot be bolted on at the end.
Appears in · Privacy-first architecture on a healthcare platform