ALL SYSTEMS
CASE STUDY 04
Enterprise Ready

IT Asset Management System

ODOO · Python · Fernet AES Encryption · Enterprise Module

EnterpriseSecurityPythonOdooEncryption
IT Asset Management System
SYSTEM_MONITOR // ASSET-MANAGEMENT
SCROLL
THE PROBLEM

Laptops were assigned informally. Credentials lived in a WhatsApp group. Nobody knew what to reclaim.

IT infrastructure across a multi-branch holding company is invisible by default. No system tracked what was assigned, to whom, or when licenses expired. Security audits were manual exercises. Offboarding was incomplete because there was no record to work from.

THE STANDARD APPROACH FAILS BECAUSE:

No central record — assets tracked in a spreadsheet, credentials in chat messages
Licenses over-allocated with no mechanism to detect or prevent it
Storing passwords in plain database fields means database access equals credential access
Offboarding required manual memory — always incomplete, never auditable
THE ENGINEERING CHALLENGE

Storing passwords in plain fields is a security failure. The module required field-level encryption using a key that never touches the database. Second challenge: dynamic custom field framework for evolving asset schemas.

"Fernet AES encryption with the key stored separately from credential records — database access never equals credential access."

— KEY ARCHITECTURAL DECISION

TECHNICAL DECISIONS // 5 MADE

01

Fernet AES encryption — credentials encrypted before database write

02

Field-level masking in UI with authenticated reveal

03

Dynamic custom field framework for evolving asset schemas

04

Automated offboarding checklist and execution wizard

05

SOC 2 and ISO 27001 aligned design patterns

SYSTEM ARCHITECTURE
Security-First Infrastructure // FIPS 140-2Asset LifecycleLicense ManagerCredential VaultFernet AESService CatalogOffboardingodoo ORMValidated Data LayerImmutable LogsChain of Custody
PRODUCTION_EVIDENCE // VAULT_01
Buffer_Active
SSD_R_1.2GB/s
ASSET REGISTRY
ASSET REGISTRY

Full lifecycle tracking with chain-of-custody

LIVE_PROD
IMG_ID: 1042
WHAT WAS BUILT

Asset Lifecycle

FULL CHAIN OF CUSTODY
  • Asset registry with category hierarchy and dynamic custom fields
  • Lifecycle state machine: procurement → assignment → maintenance → retirement
  • Barcode generation and printing for physical asset labeling
  • Purchase order linking — asset created automatically from PO line
  • Assignment and transfer workflows with complete audit trail

Credential Vault

FERNET AES / FIPS 140-2
  • Fernet encryption — credentials encrypted before database write
  • Encryption key stored as Odoo system parameter, never in credential records
  • Field-level masking in UI — password visible only on authenticated reveal
  • Every access logged with timestamp, user, and IP
  • Granular access control — grant and revoke per credential

License Management

SEAT TRACKING
  • License registry with seat capacity tracking
  • Per-employee assignment with over-allocation prevention
  • Expiration monitoring with automated alerts
  • License-to-service and license-to-credential linking

NEXT SYSTEM

DomeLearn — Mobile Learning Platform

Every learning app requires 20-minute sessions. Nobody has 20 minutes on the bus.