Security Considerations

Security Considerations

Threat Model

Threats Mitigated:

1. VPS Compromise - Credentials stored in Vault, not on VPS

2. Credential Theft - Encrypted before Vault storage (AES-256-GCM)

3. Unauthorized Access - Role-based access control with re-authentication

4. Insider Threats - Comprehensive audit trail tracks all access

5. Credential Aging - Automated 180-day rotation policy

Residual Risks:

1. Vault Compromise - If Vault is compromised, encrypted credentials exposed (mitigated by encryption)

2. Encryption Key Theft - If encryption key stolen, credentials can be decrypted (mitigated by key rotation)

3. Admin Account Compromise - Compromised admin can access credentials (mitigated by re-authentication, audit trail)

Best Practices

1. Principle of Least Privilege

   • Only platform-admin and support-team roles can access credentials

   • Re-authentication required for every access

   • Time-limited access (15 minutes)

2. Defense in Depth

   • Multiple layers: Vault access control + encryption + re-authentication + audit logging

   • No single point of failure

   • Assume breach mentality

3. Audit Everything

   • All credential access logged

   • Monitor for suspicious activity

   • Alert on anomalies

4. Rotate Regularly

   • Automated 180-day rotation

   • Manual rotation capability

   • Emergency reset workflow

5. Test Recovery

   • Quarterly disaster recovery drills

   • Verify backup restoration

   • Document recovery procedures