-
Notifications
You must be signed in to change notification settings - Fork 0
Security Model
Richard Kindler edited this page Nov 25, 2025
·
1 revision
Security is designed around three core principles: isolation, verification, and auditability.
Private keys live in AWS HSM-backed key vaults. Gateway receives signatures only.
Zero Secrets in Code
All secrets loaded via ExternalSecrets.
Rate Limiting
Per-IP, per-token, and global limits supported.
Audit Logging
Every signing operation is logged with digest, timestamp, and KMS key ID.
Workers can run in a private subnet with NAT-only outbound RPC access.