Category: Security

Making Encrypted Records Searchable (Without Losing Sleep Over Your Audit)

TL;DR

I needed full-text search across compliance records in Humadroid — some of which are encrypted at the application layer. The naive answer is “just decrypt everything into a search index.” The real answer involves understanding exactly what you’re trading, making that trade-off explicit and per-organization, and designing the index so it reveals as little as possible. Here’s the pattern I built, what I considered, and what I’d tell an auditor who asks about it.

I Got Paranoid About Security, So I Vibe-Coded a Rails Engine (Use at Your Own Risk)

TL;DR

Built Beskar - a Rails security engine with WAF, impossible travel detection, and auto-banning. Named after Mandalorian armor because layered protection. Mostly vibe-coded. Currently running in monitor-only mode on Humadroid because I’m not quite paranoid enough to trust my own paranoia gem. You probably shouldn’t use it yet. But here it is anyway.