Interesting that at their scale, they haven't needed to shard PostgreSQL. +1 for PostgreSQL.<p>Also, would be super curious to see and hear more about their patch to SSHD to allow it to read from a database instead of disk. This would be super useful for us as well (<a href="https://commando.io" rel="nofollow">https://commando.io</a>).<p>Lastly, it was really interesting that switching to bcrypt took their servers down, and they were forced to write a custom SHA-1 to bcrypt cache. One solution would be to not hash (bcrypt) API tokens, but instead just encrypt them and store them in PostgreSQL. The side benefit of this is that users could view their API tokens again if needed.<p>Obviously it is less secure, but Stripe for example allows you to view your API tokens, and thus they are not hashing them.
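The encrypt-instead-of-bcrypt idea from the comment above, as an added example that is not code from the commenter or from the project being discussed. The function names, keys and token are constructed, and the keyed-HMAC lookup column is an assumption of this example: it is what lets a presented token be matched to its row once the stored value is randomized ciphertext.

```go
// Added example: function names, keys and the token are constructed for illustration.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// BlindIndex is stored in a UNIQUE column: one HMAC per request finds the row.
func BlindIndex(indexKey []byte, token string) string {
	m := hmac.New(sha256.New, indexKey)
	m.Write([]byte(token))
	return fmt.Sprintf("%x", m.Sum(nil))
}

func NewAEAD(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Seal returns nonce||ciphertext||tag; owner is bound as associated data.
func Seal(g cipher.AEAD, owner, token string) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, []byte(token), []byte(owner)), nil
}

// Open decrypts a stored value so its owner can view the token again.
func Open(g cipher.AEAD, owner string, sealed []byte) (string, error) {
	if n := g.NonceSize(); len(sealed) >= n {
		pt, err := g.Open(nil, sealed[:n], sealed[n:], []byte(owner))
		return string(pt), err
	}
	return "", fmt.Errorf("sealed value shorter than a nonce")
}

func main() {
	g, _ := NewAEAD(make([]byte, 32)) // all-zero demo key; real keys come from a secret store
	s, _ := Seal(g, "alice", "tok_constructed_example")
	fmt.Println(Open(g, "alice", s))
}
```

Each Seal call uses a fresh nonce, so two ciphertexts of the same token differ and cannot be matched by equality; the HMAC column carries the lookup, and both keys have to live outside the database for the encryption to add anything.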