IDHub

Robust and reliable solution for digital identity management using cloud HSMs

Dates:

Project Website

Company: GRADIANT
Funding: Not disclosed
Consortium: -
Type: Product

Abstract

IDHub is an enterprise-grade solution developed by Gradiant for the secure and centralized management of digital identities and certificates. Designed for fintechs, banks, and organizations operating in highly regulated environments, IDHub leverages both cloud-based and on-premise Hardware Security Modules (HSMs) to ensure strong cryptographic guarantees, regulatory compliance, and operational efficiency.

By integrating technologies such as Azure Key Vault, Thales, and Utimaco HSMs, IDHub enables organizations to securely manage cryptographic keys and digital certificates at scale, simplifying authentication workflows while maintaining the highest security standards.

Details

I contributed to the development of IDHub as part of the Gradiant team, participating in both architectural and implementation-level tasks of this high-assurance digital identity platform. The project focuses on providing a robust, scalable, and compliant solution for centralized certificate and identity management in enterprise environments.

My work covered several key technical areas. I was involved in the development of a secure backend using Java and Spring Boot, as well as a cross-platform frontend based on Kotlin Multiplatform, ensuring consistency and scalability across different deployment scenarios. A significant part of my contribution was related to cryptographic engineering, including the integration of HSM-backed key management for certificate issuance, signing, and secure storage, using standards such as PKCS#11 and native cryptographic providers.

I also worked on the design and implementation of immutable audit logging mechanisms, using tamper-evident techniques and cryptographic hashing to guarantee the integrity and traceability of security-critical events. This functionality is essential for compliance with strict regulatory frameworks such as eIDAS, PSD2, and GDPR.

In addition, I contributed to the design and optimization of APIs to facilitate seamless integration with corporate applications and external systems, enabling frictionless enterprise adoption. I was also involved in CI/CD pipeline automation, improving reliability and repeatability of deployments, as well as performance and scalability optimizations to ensure the platform can securely handle high-volume certificate operations.

Through these contributions, IDHub has evolved into a mature and reliable digital identity management solution, combining enterprise-grade cryptography, HSM integration, auditability, and regulatory compliance, helping organizations reduce operational risk and strengthen their security governance.

Technologies

  • Backend: Java, Spring Boot, Gradle

  • Frontend: Kotlin Multiplatform

  • Cryptography & PKI: PKCS#11, digital certificates, key management, cryptographic hashing

  • HSM & Security: Azure Key Vault, Thales HSM, Utimaco HSM, Hardware Security Modules (HSM)

  • Audit & Integrity: Immutable audit logging, tamper-evident mechanisms, ImmuDB

  • DevOps & CI/CD: Docker, CI/CD pipelines, automated testing

  • APIs & Integration: Secure API design, enterprise system integration

  • Compliance & Standards: eIDAS, PSD2, GDPR