Tech synopsis

1. Identity access management

This section outlines our approach to Identity and Access Management (IAM) using Keycloak.

  • Keycloak provides centralized authentication, authorization, and user management, enabling single sign-on (SSO) and secure access control.

  • It supports fine-grained role-based access control (RBAC), multi-factor authentication (MFA), and integration with various identity providers.

  • By utilizing Keycloak, we ensure robust security and seamless user experiences across our applications.

For detailed information, refer to Keycloak

2. Secret management

This section details the implementation of secrets management using HashiCorp’s Vault.

  • Vault securely stores, manages, and dynamically generates secrets such as API keys, passwords, and certificates.

  • It ensures fine-grained access control, audit logging, and automatic secret revocation and renewal.

  • By leveraging Vault, we enhance our security posture, ensuring that sensitive information is accessed and managed securely across our infrastructure.

For detailed information, refer to HashiCorp Vault

3. Audit logs

This section describes the implementation of audit logging using AspectJ.

  • AspectJ provides powerful aspect-oriented programming capabilities to intercept and log key actions within our applications.

  • By integrating AspectJ, we capture comprehensive audit trails of user activities, system events, and access to sensitive data.

  • This approach ensures transparency, aids in compliance with regulatory requirements, and enhances our ability to monitor and respond to security incidents effectively.

For detailed information, refer to AspectJ

4. API gateway

This section describes our API Gateway implementation.

  • The API Gateway acts as a reverse proxy, handling requests from clients and routing them to appropriate backend services.

  • It provides essential features such as request routing, load balancing, security, and rate limiting.

  • By centralizing these functions, the API Gateway simplifies client interactions with microservices, enhances security, and improves performance.

  • This approach ensures efficient and secure communication between clients and our backend services.

For detailed information, refer to Spring Cloud Gateway

5. Persistence

This section outlines our persistence strategy using PostgreSQL and Liquibase.

  1. PostgreSQL

    • PostgreSQL is our robust, scalable relational database management system, providing reliable data storage and complex query capabilities.

    For detailed information, refer to PostgreSQL

  2. Liquibase

    • Liquibase is used for database version control, enabling automated tracking, management, and deployment of database schema changes.

      For detailed information, refer to Liquibase

  3. Microsoft Azure

    • Azure offers cloud-based database hosting and management services. By leveraging Azure, we ensure high availability, security, and scalability of our database infrastructure. Azure’s managed services reduce operational overhead and provide advanced features like automated backups, performance monitoring, and disaster recovery.

For detailed information, refer to Azure portal

This combination ensures data integrity, simplifies database management, and enhances overall application stability and performance.

6. Documentation

This section covers our documentation process using AsciiDoc and Antora.

  • AsciiDoc provides an intuitive, readable markup language for writing documentation, while Antora organizes and generates a cohesive, navigable documentation site.

Key benefits

  • Key benefits include modular documentation, version management, and consistent styling.

  • Documentation is structured with AsciiDoc syntax, organized into modules and components using Antora, and built into a user-friendly site.

  • This approach ensures maintainable, scalable, and easily accessible documentation for our users.

For detailed information refer

7. Cloud infrastructure

Azure is Microsoft’s cloud computing service providing a range of cloud services, including those for compute, analytics, storage, and networking.

  • Users can choose and configure these services to develop and scale new applications, or run existing applications in the public cloud.

  • Azure Hosting offers reliable, scalable, and flexible cloud hosting solutions.

Azure Container Apps

  • Azure Container Apps is a managed service that enables users to run microservices and containerized applications on a serverless platform, simplifying the deployment, management, and scaling of apps in containers without managing the underlying infrastructure.

For more details, visit Azure Container Apps Documentation.