Page cover

Data & Key Security

This page covers how Acceso protects sensitive material. That includes API keys, secrets, and security-relevant configuration.

Security goals

  • Minimize secret exposure during request handling.

  • Enforce confidentiality through strict non-persistence of plaintext.

  • Preserve integrity through controlled issuance and revocation.

  • Maintain auditability through non-sensitive correlation metadata.

Data classification (what is considered sensitive)

Sensitive material includes:

  • API keys and key-derived credentials.

  • Configuration secrets and provider tokens.

  • Security policies and enforcement metadata.

  • Any user-provided inputs that must not be persisted.

API key handling

API keys are treated as secrets. They are never stored or logged in plaintext.

Internal services do not need plaintext keys. They only need validation outcomes and policy metadata.

Validation scope (minimize secret exposure)

Plaintext keys should be visible only at creation time. Systems should persist only hashes and safe fingerprints.

Key protections:

  • Hashed API key storage.

  • One-way, cryptographic hashing for validation.

  • Secure secret management for operational secrets.

  • Rapid revocation support for incident response.

Validation boundary:

  • Validate at request entry where possible.

  • Propagate a non-sensitive identity context internally.

  • Avoid forwarding secret headers to downstream services.

Secrets management (configuration and credentials)

Operational secrets should be centrally managed. Secrets should be rotated without downtime.

Typical expectations:

  • Access is tightly scoped per service and environment.

  • Secrets are redacted from logs and telemetry.

  • Rotation is supported as a first-class workflow.

Revocation and incident response semantics

Revocation is the primary containment primitive. It should take effect at request ingress.

Operational expectations:

  • Revoked keys are rejected before any domain work.

  • Error responses are structured and non-revealing.

  • Telemetry records only non-sensitive correlation fields.

Logging secrets is a permanent compromise. Rotate immediately if exposure is suspected.

Storage and logging guarantees

Acceso treats log sinks as hostile. Redaction must happen before emission.

Sensitive data must not leak via:

  • Access logs.

  • Error traces.

  • Metrics payloads.

  • Debug dumps and crash reports.

Operator notes (deep dive)

High-value practices:

  • Use short-lived operator credentials for production workflows.

  • Prefer scoped keys over “one key for everything”.

  • Treat policy changes as security-sensitive deploys.

  • Run periodic secret discovery checks in logs and traces.

PreviousInfrastructure & Access SecurityNextToken Launch & Distribution

Last updated