The Day I Realized Every Developer Could Read Prod DB Credentials: A Microservices Migration Story
In the ATG monolith, production DB credentials lived behind a JBoss SSH gate — effectively unreachable without infra access. After modernizing to microservices on Azure Kubernetes, every developer’s Azure account could read prod DB, Redis, and Service Bus secrets from Key Vault with a single CLI command. VPN and device whitelisting gated the network path, but not the humans. The migration didn’t just change our architecture — it quietly widened the insider blast radius.