Evan Byrne

Overview

Beaker Studio is a software service that helps developers get their code running in the cloud with minimal effort. Typically, it takes significant amounts of time for development teams to configure production-ready servers, so teams are often forced to either pay large sums of money for specialized assistance or lower their ambitions. Beaker Studio solves these and other issues by providing teams with the ability to self-service their cloud infrastructure for a reasonable subscription price.

Implementation

Beaker Studio is a passion project of mine, but also a serious commercial product. In 2021, I left my senior developer role at The Atlantic to split my time between contracting and building Beaker Studio. Over two years, I designed and developed the software service, with the first public release taking place in 2023. Colleagues Thomas Lloyd and Erin McNally stepped in to design the logo and home page, respectively. It is the most ambitious project that I have ever undertaken.

Spending two years building a business is an inherently high-risk endeavor, so all technical decisions on the project involved risk assessment. Django was chosen as the backbone of the service because I have over a decade of experience with the framework, and it does the most important things correctly right out of the box. Postgres was chosen for the database due to its mature support for unstructured data formats, strong community support, and its ability to act as a highly durable queue via advanced locking features. The user interface was built with React. This combination of technologies provided the flexibility necessary for a project with an ever-evolving set of requirements.

Beaker Studio was designed with state-of-the-art security mechanisms. In addition to standard security measures such as encryption over the network with HTTPS and file system encryption, customer secrets are also encrypted at the row level with AES-256-GCM and Scrypt, and done so in such a way that Beaker Studio cannot independently decrypt them at rest. It works just like an enterprise password manager product. When a user logs in, Scrypt is used to derive a key from their password, which is then used to decrypt keys for all the organizations they belong to, at which point they gain access to authorized organization secrets. All this extra work is done because it is the only way to ensure that a hypothetical attacker would not be able to access customer secrets at rest–even in the hypothetical scenario of a complete takeover where an attacker has gained the ability to modify infrastructure, access environment variables, and read the database.

Results

Beaker Studio is currently in public BETA as I seek feedback from other developers. You can sign up for the waitlist and give it a whirl once approved. It's production-ready, with Beaker Studio actually being deployed by another instance of itself, so it is plenty stable to rely on for real projects.