Lesson 1 — From `.env` to Centralized Secrets

Topics

• Manage secrets securely with `.env` files first
• Understand the limits of local env-file secrets
• Compare local secret files with centralized secret managers
• Understand secret rotation workflows in teams and deployed systems
• HashiCorp Vault
• Infisical
• Docker and Docker Compose
• VPS deployment
• Reverse proxy and HTTPS configuration
• CI automation
• Health checks and graceful shutdown
• Operational documentation
• Containerize the application and PostgreSQL
• Use Docker Compose as the default deployment path
• Deploy to a VPS
• Configure a reverse proxy with HTTPS
• Complete the Reverse Proxy + Health Check challenge by verifying traffic flows correctly through the proxy and health/readiness endpoints behave correctly
• Add a CI workflow for linting and tests
• Ensure restart safety and basic boot persistence
• Expose health and readiness endpoints
• Confirm logs can be inspected in a practical way
• Write a runbook for common operational tasks
• Deployment repository or deployment branch
• CI workflow configuration
• Deployment guide
• Runbook
• Live URL or deployment recording
• Short note on operational tradeoffs

This lesson is finished