My open-source vision, and the role FerrisLabs plays in building tomorrow's software
Open source is more than a development model — it's a philosophy. Here I share my perspective on digital sovereignty and how FerrisLabs fits into that picture.
I build IAM primitives, distributed architectures and production systems. From the first API contract to the last alert resolved.
Rust: services, CLI, APIs
IAM: Keycloak, OIDC
K8s: OPA, AuthZen, MCP
Flagship Product
Open-source IAM platform, built in Rust
FerrisKey is an enterprise-grade identity and access management platform — the kind of system where correctness is non-negotiable. I co-founded it, designed the architecture, wrote the core, and own the production stack.
Hexagonal architecture in Rust. Service boundaries designed before the first line of code. API contracts that the entire stack depends on.
Multiple services on Kubernetes. Event-driven coordination, eventual consistency, and horizontal scalability by design.
GitHub Actions CI/CD, Prometheus + Loki for observability. Maintained with SLO discipline — shipped and kept alive.
What I Do
Not a list of frameworks. What I actually deliver, end to end.
I design systems at the domain level — defining service boundaries, API contracts, and data ownership before touching a framework. My IAM expertise (OIDC, policies, multi-tenancy) comes from building FerrisKey: an identity platform where correctness isn't optional.
I build services that coordinate reliably at scale. Event-driven architectures, Kubernetes orchestration, and consistency models designed for failure — not just for the happy path.
I don't stop at the deploy. CI/CD pipelines, structured observability with Prometheus and Loki, and the mindset of an owner — not a contractor. If it pages at 3am, I'm the one who fixed the design that caused it.
Expertise
I focus on the parts of a system where product design, security constraints and operational reality meet.
OIDC, OAuth2, FerrisKey, token lifecycle, multi-tenant realms and secure product boundaries. Protocol implementation from spec — not from tutorials.
OPA, RBAC, ABAC, delegated authorization and policy-as-code. Fine-grained access control that stays auditable when security teams need answers.
Kubernetes-native identity, service-to-service auth, mTLS and SPIFFE/SPIRE between workloads. IAM at the infrastructure layer.
Event-driven auth flows, Kafka-based audit pipelines, and consistency decisions for systems that stay explainable under failure.
Auth systems that are observable and recoverable. Structured audit logs, token flow metrics, and SLOs for security-critical infrastructure.
Projects
Each project is a system decision made concrete — architecture choices, protocol design, and long-term maintenance.
Enterprise-grade IAM platform built in Rust. OIDC, multi-tenancy, policy engine, and Kubernetes-native — designed for systems where correctness is non-negotiable.
A FerrisLabs project focused on realtime collaboration foundations, protocol design and reliable services.
A framework for Discord bots designed around modular plugin architecture and a declarative API surface. Built with Dart.
A core engine for real-time video communication, designed as a composable system with pluggable transport layers.
A rendering engine that compiles JSON scene graphs into motion design videos. Zero-dependency architecture.
A boilerplate for building complete documentation systems. MDX content, TypeScript logic, and Astro for static generation — opinionated structure for maintainable docs.
Generate Rust structs and CRUD repositories from your database schema — correct types, derives, and sqlx annotations. Supports PostgreSQL, MySQL, SQLite.
A FerrisLabs product for messaging and newsletter workflows with clean delivery and platform boundaries.
Discover all my open-source projects on GitHub.
Blog
Stay up to date with the latest news and updates.
In this article, we will explore different ways to manage user access and actions within a hypothetical platform designed to offer client/prospect management as well as quote/invoice tracking.
Managing environment variables is a critical point in any application; learn how to manage them correctly for Dart.