https://wiggels.dev/tags/air-gap/Recent content in Air-Gap on Hunter WigelsworthHugoen-usThu, 11 Jun 2026 00:00:00 +0000https://wiggels.dev/posts/the-fortress-that-codes/Thu, 11 Jun 2026 00:00:00 +0000https://wiggels.dev/posts/the-fortress-that-codes/<p>Let&rsquo;s get something out of the way upfront. If you came here looking for &ldquo;secure dev environment, but maybe not <em>too</em> secure,&rdquo; this article isn&rsquo;t for you.</p> <p>What we&rsquo;re going to build is an architecture with these properties:</p> <ul> <li>Source code never touches a developer laptop disk. Not unencrypted. Not on a &ldquo;trusted&rdquo; laptop. Never.</li> <li>No internet egress from any dev environment. Not &ldquo;egress via approved proxy.&rdquo; Not &ldquo;egress to an allow-list.&rdquo; None.</li> <li>Every workload&rsquo;s identity is bound to a hardware root of trust that proves the workload is running on the right hardware, with the right image, in the right configuration.</li> <li>Every build is hermetic, every artifact is signed, every dependency is content-addressed and pinned.</li> <li>The browser lives outside the dev perimeter entirely. No exceptions.</li> <li>All secrets are ephemeral, per-workload, never persisted to disk in plaintext, never seen by a human.</li> </ul> <p>That&rsquo;s a lot. But here&rsquo;s the thing nobody selling you &ldquo;secure dev environment&rdquo; tooling will tell you: <strong>you can build this in 2026 and the developer experience can be genuinely excellent.</strong> Not tolerable. Not &ldquo;better than jail.&rdquo; Excellent. The reason is that the OSS ecosystem has finally matured to the point where every primitive you need is production-ready and composable, and the IDE experience over a fast network has gotten good enough that the developer basically can&rsquo;t tell their code isn&rsquo;t on their laptop.</p>