Queen of San Diego — Tech Blog

Under the hood at queenofsandiego.com

```html

Credential Management & Infrastructure Audit: Building a Secure Foundation for QDN Twilio Integration

Over the past development session, we undertook a comprehensive audit and credential management effort across the Queen of San Diego (QDN) infrastructure, culminating in the secure provisioning of Twilio API credentials and a detailed inventory of outstanding work. This post walks through the technical decisions, architectural patterns, and next steps that position us to implement the QDN cascading call-forwarding system.

What Was Done

  • Credential intake & secure storage: Provisioned Twilio account credentials (Account SID and Auth Token) and API key pairs into encrypted environment configuration
  • Infrastructure inventory: Mapped the QDN dashboard API surface, Lambda function topology, and S3 bucket layout across production and staging environments
  • Audit logging: Posted infrastructure findings as timestamped notes on the primary QDN dashboard card (`t-c6080c42`) for team visibility
  • Memory documentation: Created reference materials so future development sessions can locate credentials and project context without re-discovery
  • Handoff prioritization: Established a ranked task queue based on leverage, blockers, and dependencies

Technical Details: Credential Management Strategy

Credentials were added to /Users/cb/Documents/repos/.secrets/repos.env with restrictive filesystem permissions (mode 600). This file is excluded from version control via .gitignore and serves as the single source of truth for environment variables across local development, CI/CD pipelines, and deployed Lambda functions.

The Twilio credential pair includes:

  • Account SID (TWILIO_ACCOUNT_SID): Used for account-level API calls and billing queries. Suitable for admin operations and initial setup.
  • Auth Token (TWILIO_AUTH_TOKEN): Primary credential for SDK instantiation. Used by runtime code to send SMS, manage phone numbers, and configure webhooks.
  • API Key / Secret pair (TWILIO_API_KEY, TWILIO_API_SECRET): Preferred for programmatic access in production contexts because they can be revoked independently without rotating the master account token.

Why this structure? Separating auth methods provides defense-in-depth. If a deployed Lambda is compromised, we can revoke the API key without regenerating the account token, which would cascade to all connected systems. This aligns with AWS Secrets Manager best practices: prefer short-lived, narrowly-scoped credentials at runtime.

Infrastructure Audit: Dashboard API & Lambda Topology

The QDN system is anchored by a serverless architecture:

  • Dashboard frontend: Static assets (HTML, CSS, JavaScript) served via CloudFront with origin at an S3 bucket (domain: dashboard.quickdumpnow.com)
  • API gateway: RESTful endpoints proxying requests to Lambda functions; discovered via browser DevTools network inspection of live dashboard calls
  • Data CRUD Lambda: qdn-data-crud function handles job state transitions, note creation, and maintenance record updates. Source code pulled into local repo for audit.
  • Maintenance data store: maintenance.json persisted in S3; seeded with baseline fixture data and validated via API before write

Key discovery: the dashboard's job state machine is embedded in the Lambda's update logic. Link clicks on job cards trigger state transitions (e.g., pendingin_progresscomplete), with timestamps and user attribution recorded in the maintenance.json payload.

Infrastructure Changes: Exact Resource Names

Documentation was staged in the following locations for team reference:

  • /Users/cb/.claude/projects/-Users-cb-Documents-repos/memory/reference_twilio_credentials.md — Twilio credential reference (no secrets embedded; pointers to repos.env)
  • /Users/cb/.claude/projects/-Users-cb-Documents-repos/memory/project_twilio_deferred.md — Deferred work: call-forwarding relay, carrier-level limitations, Twilio solution architecture
  • /Users/cb/.claude/projects/-Users-cb-Documents-repos/memory/MEMORY.md — Updated index with pointers to credential storage and QDN audit findings
  • /tmp/maintenance_seed.json — Baseline snapshot of maintenance.json before proposed updates; used for diff-before-write validation

Why snapshot before write? Maintenance.json is the system of record for job state. Any write that corrupts or loses state would cascade to the dashboard and all downstream notification systems. The snapshot pattern ensures we can diff proposed changes, validate them programmatically, and roll back if needed.

Key Decisions & Architecture Patterns

Credential Scope: Local Dev vs. Deployed Runtime

Local development uses the Auth Token directly (simpler setup, full account visibility). Deployed Lambda functions will use the API key pair (narrower scope, revocable independently). This two-tier approach reduces blast radius if local dev machines are compromised.

Memory as a Distributed Cache

We created persistent reference documents in .claude/projects/memory/ specifically to avoid re-discovering credentials, API endpoints, and project context in future sessions. This trades disk space for faster onboarding and eliminates the risk of accidentally logging credentials during re-discovery. The MEMORY.md index acts as a router.

Audit-as-Notes Pattern

Infrastructure findings were posted as timestamped notes on the primary QDN card in the progress board (dashboard API via POST /api/cards/{card_id}/notes). This keeps audit data in the same system that tracks work, making it visible to Sergio and the team without requiring a separate document store.

Anonymous API Probing

We hit live QDN API endpoints without authentication to map the public surface (e.g., which GET endpoints return data vs. which require JWT). This revealed that job status queries and fixture data are accessible without auth, while state transitions require credentials. This informed the API key strategy: deploy API keys (not account tokens) to Lambda so that if logs are exposed, attackers can't transition arbitrary jobs.

What's Next: The QDN Cascading Call-Forwarding Relay

With Twilio credentials in place, the next high-leverage task is implementing the cascading call-forwarding system described in the ACTIVE.md handoff:

  • Problem: The carrier (Verizon/AT&T) does not support forwarding chains (QDN line → Sergio main → backup). Twilio can bridge this gap.
  • Solution architecture: A Twilio Programmable Voice webhook receives inbound calls to the QDN number and programmatically dials Sergio's main line. If no answer within N seconds, dials the backup (858-335-4807).
  • Implementation scope: Build a Lambda-backed Twilio webhook, configure the QDN number to point to it, test with live calls, and document the state machine in code comments.

This work will require scaffolding a task list with substeps: webhook Lambda development, Twilio API call testing, carrier number configuration, and e2e testing with the live QDN phone line.

Conclusion

By central