Cryptographic Data Export Pipeline — Document Signing Platform

Built a Durable Functions orchestrator for bulk export of signed envelopes. Envelope-level encryption using Azure Key Vault DEK/KEK pattern, dual-cloud storage across Azure Blob and AWS S3, SQL Server metadata tracking, and parallel batch processing. Includes a cryptographic key rotation tool. Clean domain-driven architecture with CQRS-style query objects. A system where getting the security architecture wrong has real consequences.