Atg

In the ATG monolith, production DB credentials lived behind a JBoss SSH gate — effectively unreachable without infra access. After modernizing to microservices on Azure Kubernetes, every developer’s Azure account could read prod DB, Redis, and Service Bus secrets from Key Vault with a single CLI command. VPN and device whitelisting gated the network path, but not the humans. The migration didn’t just change our architecture — it quietly widened the insider blast radius.

Oracle ATG Commerce is legacy now, but its Nucleus component model, immutable repository items, and config layering were ahead of their time. Its distributed locking, custom messaging, and datasource switching were not. A reflection on what held up and what didn’t.