Security
If you trust us with the security of your clusters, you have the right to know how we secure Aegis Vetis itself. This page summarizes what is in place, what is not yet in place, and how to reach us if you find a vulnerability.
Secure architecture
All outbound agent communication is mTLS. The control plane never reaches into a customer cluster on its own — agents push.
- mTLS Control Plane ↔ agents (cert-manager)
- HS256/RS256 JWTs, short TTL (15 min) + refresh
- Argon2id for local passwords
- Distroless + runAsNonRoot + readOnlyRootFilesystem
Threat model (summary)
Reduced attack surface: no two-way webhook, no long-lived tokens on the customer side, no public exposure of the control plane.
- Kyverno webhook: failurePolicy = Ignore by default (fails open: if the webhook is unreachable, admission proceeds, so cluster availability never depends on it)
- Bootstrap tokens: 24h TTL, single-use
- Aggressive rate limit on /auth/*
- Hash-chained audit log (coming)
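The hash-chained audit log listed above is still marked as coming. As an added illustration that is not Aegis Vetis code, the Go program below shows what such a chain provides: each entry commits to the hash of the previous one, so editing or reordering any past record breaks every later link and the verifier reports where the break starts. The Entry and Log types, the field names and the sample actions are assumptions chosen for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Entry is one audit record (hypothetical layout for this example).
// PrevHash binds it to the preceding entry; Hash covers PrevHash plus
// the record's own fields.
type Entry struct {
	Seq      int
	Actor    string
	Action   string
	PrevHash string
	Hash     string
}

// genesisHash is the link value of the very first entry.
const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

// entryHash computes SHA-256 over the fields the chain commits to. The NUL
// separators keep "a"+"bc" and "ab"+"c" from hashing identically.
func entryHash(seq int, actor, action, prev string) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d\x00%s\x00%s\x00%s", seq, actor, action, prev)
	return hex.EncodeToString(h.Sum(nil))
}

// Log is an append-only chain of entries.
type Log struct {
	Entries []Entry
}

// Append links a new record to the current head of the chain.
func (l *Log) Append(actor, action string) Entry {
	prev := genesisHash
	if n := len(l.Entries); n > 0 {
		prev = l.Entries[n-1].Hash
	}
	e := Entry{Seq: len(l.Entries), Actor: actor, Action: action, PrevHash: prev}
	e.Hash = entryHash(e.Seq, e.Actor, e.Action, e.PrevHash)
	l.Entries = append(l.Entries, e)
	return e
}

// Verify recomputes every hash and checks every link. It returns -1 and nil
// for an intact chain, otherwise the index of the first bad entry, so an
// operator can see where tampering begins.
func (l *Log) Verify() (int, error) {
	prev := genesisHash
	for i, e := range l.Entries {
		if e.Seq != i {
			return i, fmt.Errorf("entry %d: sequence %d out of order", i, e.Seq)
		}
		if e.PrevHash != prev {
			return i, fmt.Errorf("entry %d: link to previous entry is broken", i)
		}
		if entryHash(e.Seq, e.Actor, e.Action, e.PrevHash) != e.Hash {
			return i, fmt.Errorf("entry %d: content does not match its hash", i)
		}
		prev = e.Hash
	}
	return -1, nil
}

func main() {
	// Constructed sample records, not real audit data.
	var l Log
	l.Append("alice", "policy.apply")
	l.Append("bob", "cluster.enroll")
	l.Append("alice", "token.revoke")
	fmt.Println(l.Verify()) // -1 <nil>

	// Rewriting history: the edited entry no longer matches its own hash.
	l.Entries[1].Action = "cluster.delete"
	fmt.Println(l.Verify()) // 1 entry 1: content does not match its hash
}
```

Run Verify after loading the log from storage; the returned index points at the first entry worth examining. A chain on its own does not detect truncation of the newest entries, because a log cut short still verifies, so the head hash should periodically be recorded somewhere the log writer cannot alter.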
Hardening
Aegis Vetis applies to itself the policies it distributes: we eat our own dog food.
- Images signed with Cosign keyless (Sigstore)
- No root, no host network
- Least-privilege Kubernetes ServiceAccount
- Govulncheck + gosec mandatory in CI
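The hardening list above reads like an admission policy. As an added example that is neither Aegis Vetis code nor a Kyverno policy, the Go check below evaluates a Pod manifest against the same controls: no host network, a dedicated ServiceAccount, runAsNonRoot and readOnlyRootFilesystem. The struct types and the two sample manifests are constructed for this example; image-signature and base-image checks need a registry lookup and are deliberately left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Minimal projection of the Pod fields the checks inspect (hypothetical
// structs written for this example, not the Kubernetes client types).
type SecurityContext struct {
	RunAsNonRoot           *bool `json:"runAsNonRoot,omitempty"`
	ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem,omitempty"`
}

type Container struct {
	Name            string           `json:"name"`
	SecurityContext *SecurityContext `json:"securityContext,omitempty"`
}

type Pod struct {
	Spec struct {
		HostNetwork        bool             `json:"hostNetwork,omitempty"`
		ServiceAccountName string           `json:"serviceAccountName,omitempty"`
		SecurityContext    *SecurityContext `json:"securityContext,omitempty"`
		Containers         []Container      `json:"containers"`
	} `json:"spec"`
}

// runAsNonRoot may be set at pod level and overridden per container;
// readOnlyRootFilesystem exists only at container level.
func nonRoot(pod, ctr *SecurityContext) bool {
	if ctr != nil && ctr.RunAsNonRoot != nil {
		return *ctr.RunAsNonRoot
	}
	return pod != nil && pod.RunAsNonRoot != nil && *pod.RunAsNonRoot
}

func readOnlyRoot(ctr *SecurityContext) bool {
	return ctr != nil && ctr.ReadOnlyRootFilesystem != nil && *ctr.ReadOnlyRootFilesystem
}

// CheckPod returns one message per violated control; an empty result means
// the pod passes every control checked here.
func CheckPod(raw []byte) ([]string, error) {
	var p Pod
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, fmt.Errorf("decode pod: %w", err)
	}
	var v []string
	if p.Spec.HostNetwork {
		v = append(v, "spec.hostNetwork must be false")
	}
	if sa := p.Spec.ServiceAccountName; sa == "" || sa == "default" {
		v = append(v, "spec.serviceAccountName must name a dedicated least-privilege ServiceAccount")
	}
	for _, c := range p.Spec.Containers {
		if !nonRoot(p.Spec.SecurityContext, c.SecurityContext) {
			v = append(v, "container "+c.Name+": runAsNonRoot must be true")
		}
		if !readOnlyRoot(c.SecurityContext) {
			v = append(v, "container "+c.Name+": readOnlyRootFilesystem must be true")
		}
	}
	return v, nil
}

// Constructed sample manifests in JSON form, not real deployments.
const weakPod = `{"spec":{"hostNetwork":true,"containers":[{"name":"api"}]}}`

const hardenedPod = `{"spec":{
  "serviceAccountName":"aegis-agent",
  "securityContext":{"runAsNonRoot":true},
  "containers":[{"name":"api","securityContext":{"readOnlyRootFilesystem":true}}]}}`

func main() {
	for name, m := range map[string]string{"weak": weakPod, "hardened": hardenedPod} {
		v, err := CheckPod([]byte(m))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		fmt.Printf("%s: %d violation(s)\n", name, len(v))
		for _, msg := range v {
			fmt.Println("  -", msg)
		}
	}
}
```

The weak manifest trips all four controls; the hardened one passes because its pod-level runAsNonRoot applies to the container that does not override it. The same function can be run in CI against rendered manifests before they reach a cluster, which is independent of whether the admission webhook fails open.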
Responsible disclosure
We commit to fixing any reported vulnerability within a 90-day window. Your report stays confidential during that time.
- Email: security@aegis-vetis.io
- Initial reply within 48 business hours
- CVE coordination if applicable
- Hall-of-fame credit if you wish
Responsible disclosure contact
- Email: security@aegis-vetis.io
- PGP fingerprint: to be published; see /security/pgp.asc once the key is generated
- Window: 90 days to fix before public disclosure