Access Control & Auditing
Role-Based Access Control (RBAC): Defines granular roles (e.g., Admin, Developer, Auditor) with least-privilege permissions. Access policies are managed via declarative YAML manifests and enforced by the API Gateway.
Multi-Factor Authentication (MFA): Supports MFA workflows (TOTP, WebAuthn) for critical operations, such as key management and deployment approvals.
Audit Logs: Immutable, append-only logs of user actions, API calls, and system events stored in a write-once object store. Logs are indexed for real-time querying and long-term retention (configurable up to 7 years).
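The three controls above combined in one authorization path, as an added example that is not the product's own code: a deny-by-default role check, an MFA step-up for critical operations, and an audit record for every decision. The policy schema, action names and user names are hypothetical, and the SHA-256 hash chain is an assumed stand-in for the write-once store that makes tampering detectable.

```python
import hashlib
import json

# Hypothetical policy, shaped like a parsed YAML manifest (schema is assumed).
POLICY = {
    "roles": {
        "Admin": ["keys:rotate", "deploy:approve", "deploy:create", "logs:read"],
        "Developer": ["deploy:create"],
        "Auditor": ["logs:read"],
    },
    # Critical operations that need a fresh MFA assertion (TOTP or WebAuthn).
    "mfa_required": ["keys:rotate", "deploy:approve"],
}


class AuditLog:
    """Append-only log; each record commits to the previous record's hash."""
    def __init__(self):
        self.records = []

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.records.append({"prev": prev, "event": event, "hash": digest})

    def verify(self):
        prev = "0" * 64
        for rec in self.records:
            body = json.dumps(rec["event"], sort_keys=True)
            expected = hashlib.sha256((prev + body).encode()).hexdigest()
            if rec["prev"] != prev or rec["hash"] != expected:
                return False
            prev = rec["hash"]
        return True


def authorize(user, role, action, mfa_verified, log, policy=POLICY):
    """Deny by default; allow only if the role grants the action and MFA is met."""
    granted = action in policy["roles"].get(role, [])
    needs_mfa = action in policy["mfa_required"]
    if not granted:
        decision = "deny:not_granted"
    elif needs_mfa and not mfa_verified:
        decision = "deny:mfa_required"
    else:
        decision = "allow"
    log.append({"user": user, "role": role, "action": action, "decision": decision})
    return decision == "allow"
```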