Credential Management Platform

The existing credential management platform was originally built by a third-party vendor 6-7 years ago and had serious architectural issues. Poor organizational hierarchy management meant staff could modify organizations with trickle-down effects across entire staff groups — creating a security risk with potential PII exposure. The approval process for credential requests was very manual for the platform administrator. An internal developer who inherited support wasn't sufficiently familiar with the Laravel architecture to modify features safely.

This wasn't just an efficiency problem — it was a security and compliance risk.

I met with the business stakeholder and approached the conversation with a clear framework: "If we rebuild from the ground up properly, what are the key use cases? What are the major pain points? What have been your thoughts and visions?" I captured the transcript, then brainstormed with my partner Dave Gould and with AI assistance. We came up with a clear build plan and iterated over variations until landing on the best approach through iterative feedback and refinement.

This project also demonstrated team leadership — not solo building. I served as Project Owner while Dave Gould and Josh Oskwaresk handled development execution.

A ground-up rebuild was necessary rather than attempting to patch the legacy Laravel application. The organizational hierarchy issues were deeply architectural — patching would have left the security risk in place. The rebuild prioritized proper organizational management with safeguards against cascading changes, an automated approval workflow to reduce the administrator's manual burden, and integrated KPI reporting.

Tech Stack: React 18 + TypeScript + Vite (frontend, with React Router, Axios, React Hook Form, Zustand), Flask 3.0 + Flask-RESTX + SQLAlchemy 2.0 (backend), PostgreSQL, Alembic migrations, Flask-JWT-Extended auth, Marshmallow serialization.

Team: David Royes (Project Owner), Dave Gould (Developer), Josh Oskwaresk (Developer).

• Mitigated security risk and PII exposure from organizational hierarchy issues
• Stakeholder processes 50-150 requests per month during busy season with significantly reduced manual effort
• Integrated KPI reporting provides visibility that didn't exist before
• Better experience for organization leads requesting credentials for their staff
• Risk mitigation was the primary value — beyond just time savings
• Demonstrated team leadership and collaborative development