Case study - From a working prototype to a secure production launch
A small business owner had built a real, working internal app with an AI tool, but it wasn’t ready to handle sensitive data in production. Here is how I took it from prototype to a secure Azure deployment they own outright. Details are anonymized at the client’s request.
The starting point
The client runs a small business and had built an internal workflow app that their staff use for forms and documentation. They built the working version themselves with Perplexity, and it did exactly what they needed in testing.
The gap was the one most people hit: a working app is not the same as one that can safely handle sensitive, regulated records in production. Before any real data went live, the app needed proper access control, audit logging, secure secret storage, tested backups, and a documented compliance trail.
The approach
I ran the project using the same three-milestone approach I use on every deployment, with the client approving each milestone before we moved to the next.
- 01 Review & plan. I reviewed the existing Node and React app, confirmed I had the access I needed, and delivered a written implementation plan covering the exact Azure services, the data migration, and the security controls. The client approved the plan before any work started.
- 02 Test deployment & validation. I deployed the full environment to a test setup using infrastructure as code, so the client could log in and confirm the app behaved exactly as it did in their own testing. They signed off once everything checked out.
- 03 Production launch & handoff. I deployed to the production environment, the client validated their access, and I delivered a complete written handoff documenting every part of the system.
When the plan changed mid-project
I would always rather avoid surprises, and the milestone process exists to prevent them. But something unexpected comes up in almost every project, and what matters is being ready to adapt. My job is to do what it takes to reach your goal, not to hide behind the original scope.
During the testing phase, the client realized he had missed a key feature: letting users sign documents electronically. Instead of treating that as out of scope, I helped him add it.
He had built the new feature in a fresh AI chat that had no context about his existing app, so the new code didn’t fit cleanly with what was already there. In a live working session, I worked through the integration with him and got the feature in place properly. Because the automated deployment pipeline was already set up, pushing the updated code out was simple: it deployed to the test environment automatically, and we validated it there before going live.
Helping owners add new features to an app an AI tool built, without breaking what already works, is exactly what a live session with me is for.
What was built
The whole environment was defined in infrastructure as code and built in the client’s own Azure account:
- Hosting on Azure App Service. The app is served over HTTPS only, on properly configured Azure infrastructure.
- A managed PostgreSQL database. Kept off the public internet, with backups and a tested restore.
- Sign-in with Microsoft Entra ID. Staff sign in through Entra ID with multi-factor authentication enforced.
- Secrets in Azure Key Vault. Every password and key is stored in Key Vault, with none left in the code.
- Monitoring & audit logging. Centralized logs and an audit trail through Azure Monitor and Log Analytics.
- A clean production cutover. Staging and demo credentials removed before go-live, with no test data left behind.
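A pre-cutover check for several of the controls listed above, as an added example that is not the code or tooling used on this project. It assumes the infrastructure-as-code definition can be exported as ARM-template-style resource objects; the sample resources, their names, and the secret-name heuristic are constructed for illustration.

```python
import re

# Constructed sample: two resources in ARM-template shape, not the client's environment.
SAMPLE = [
    {"type": "Microsoft.Web/sites", "name": "app-prod", "properties": {
        "httpsOnly": True,
        "siteConfig": {"appSettings": [
            {"name": "DB_PASSWORD", "value":
             "@Microsoft.KeyVault(SecretUri=https://kv-example.vault.azure.net/secrets/db-password/)"},
            {"name": "SESSION_SECRET", "value": "demo-secret-123"},
            {"name": "NODE_ENV", "value": "production"},
        ]}}},
    {"type": "Microsoft.DBforPostgreSQL/flexibleServers", "name": "pg-prod", "properties": {
        "network": {"publicNetworkAccess": "Enabled"},
        "backup": {"backupRetentionDays": 7}}},
]

# Assumption: settings whose names look like this hold secrets (a heuristic).
SECRET_NAME = re.compile(r"PASSWORD|SECRET|KEY|TOKEN|CONNECTION", re.I)
# App Service resolves values of this form from Key Vault at runtime.
KV_REF = re.compile(r"^@Microsoft\.KeyVault\(.+\)$")


def audit(resources):
    """Return (resource name, finding) pairs for controls that are not in place."""
    findings = []
    for res in resources:
        props = res.get("properties", {})
        if res["type"] == "Microsoft.Web/sites":
            if props.get("httpsOnly") is not True:
                findings.append((res["name"], "httpsOnly is not enabled"))
            for s in props.get("siteConfig", {}).get("appSettings", []):
                if SECRET_NAME.search(s["name"]) and not KV_REF.match(s.get("value", "")):
                    findings.append((res["name"], f"{s['name']} holds a literal value"))
        elif res["type"] == "Microsoft.DBforPostgreSQL/flexibleServers":
            if props.get("network", {}).get("publicNetworkAccess") != "Disabled":
                findings.append((res["name"], "public network access is not disabled"))
            if not props.get("backup", {}).get("backupRetentionDays"):
                findings.append((res["name"], "no backup retention configured"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

On the constructed sample this flags the leftover literal `SESSION_SECRET` and the publicly reachable database. It does not cover sign-in policy, log routing, or whether a restore has actually been tested.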
The result
The client now has a secure production environment ready for real, sensitive data, hosted entirely in their own Azure account and owned by them. Access is controlled and logged, secrets are protected, backups are tested, and every part of the system is written up in a handoff they can give to anyone.
They went from a prototype built with an AI tool to a production deployment they fully control, without having to become cloud experts themselves.