Blame
|
1 | # Security |
||||||
| 2 | ||||||||
|
3 | Security documents how AeThex protects identity, data, projects, organizations, APIs, and operational systems. |
||||||
|
4 | |||||||
|
5 | <div class="docs-section-heading"> |
||||||
| 6 | <h2>Security posture</h2> |
|||||||
| 7 | <p>Security is a platform-wide responsibility, not a single feature.</p> |
|||||||
| 8 | </div> |
|||||||
|
9 | |||||||
|
10 | Security spans [[Passport]], [[Authentication]], [[Permissions]], [[Security-Model]], infrastructure, API behavior, secret handling, audit logs, and user education. |
||||||
| 11 | ||||||||
| 12 | ## Security priorities |
|||||||
| 13 | ||||||||
| 14 | - Protect identity and session flows. |
|||||||
| 15 | - Keep secrets out of client code and public repos. |
|||||||
| 16 | - Enforce least-privilege permissions. |
|||||||
| 17 | - Audit sensitive actions. |
|||||||
| 18 | - Harden API and webhook integrations. |
|||||||
| 19 | - Document incident response and disclosure expectations. |
|||||||
| 20 | ||||||||
| 21 | ## Practical checklist |
|||||||
| 22 | ||||||||
| 23 | 1. Use Passport for identity flows. |
|||||||
| 24 | 2. Validate tokens server-side. |
|||||||
| 25 | 3. Check authorization after authentication. |
|||||||
| 26 | 4. Rotate compromised credentials. |
|||||||
| 27 | 5. Log admin and security-sensitive actions. |
|||||||
| 28 | 6. Review access regularly. |
|||||||
| 29 | ||||||||
| 30 | <div class="docs-grid"> |
|||||||
| 31 | <a class="docs-card" href="/Security-Model">Security Model</a> |
|||||||
| 32 | <a class="docs-card" href="/Authentication">Authentication</a> |
|||||||
| 33 | <a class="docs-card" href="/Permissions">Permissions</a> |
|||||||
| 34 | <a class="docs-card" href="/Policies">Policies</a> |
|||||||
| 35 | </div> |
|||||||
| 36 | ||||||||
| 37 | > [!WARNING] |
|||||||
| 38 | > Never paste production secrets, tokens, private keys, or credentials into public docs, tickets, chats, screenshots, or issue trackers. |
|||||||