Security
Security documents how AeThex protects identity, data, projects, organizations, APIs, and operational systems.
Security posture
Security is a platform-wide responsibility, not a single feature.
Security spans Passport, Authentication, Permissions, Security-Model, infrastructure, API behavior, secret handling, audit logs, and user education.
Security priorities
- Protect identity and session flows.
- Keep secrets out of client code and public repos.
- Enforce least-privilege permissions.
- Audit sensitive actions.
- Harden API and webhook integrations.
- Document incident response and disclosure expectations.
Practical checklist
- Use Passport for identity flows.
- Validate tokens server-side.
- Check authorization after authentication.
- Rotate compromised credentials.
- Log admin and security-sensitive actions.
- Review access regularly.
Warning
Never paste production secrets, tokens, private keys, or credentials into public docs, tickets, chats, screenshots, or issue trackers.