Platform-Engineering

The execution boundary determines everything: features that need the system alive belong in the platform (OSS). Features that analyze artifacts after shutdown become the product (commercial). A framework for clean OSS/commercial separation.

Kubernetes Secrets are simple and often sufficient. But at scale, some teams separate compute from secret storage. Understanding the trade-offs: etcd vs cloud vaults, cluster RBAC vs cloud IAM, sync patterns vs runtime access, and when each pattern makes sense.