uptrakit

Security

  • Overview — Security architecture, cryptography, PKI, authentication, secret handling, and secure deployment guidance for Uptrakit.
  • Security Architecture — Uptrakit follows a defense-in-depth model for agents, controller, and proxies.
  • Cryptographic Details — Cryptographic primitives used by Uptrakit, including TLS, key hierarchies, password hashing, and encryption-at-rest algorithms.
  • PKI and Certificate Lifecycle — Uptrakit operates an internal PKI for agents and MQTT services, covering CA lifecycle, certificate issuance, and renewal windows.
  • Authentication and Authorization — Authentication methods, JWT access token claims, role and permission model, and auth middleware behavior in Uptrakit.
  • Secrets Handling and Encryption at Rest — SecretString wrapper, AES-256-GCM envelope encryption, master key handling, and secret redaction conventions for Uptrakit.
  • TOFU and TLS Hardening — Four explicit TOFU modes, trust composition options, ServerName binding, and operator override semantics for Uptrakit Agents and Services.
  • Filesystem and Dependency Security — Filesystem permission hardening, TOCTOU-safe file creation, path traversal prevention, and dependency security safeguards in Uptrakit.
  • Secure Development — Secure coding expectations for contributors, including plugin input validation, SSRF prevention, and security-sensitive code review guidance.
  • Reverse Proxy Security Model — Security considerations for reverse proxies in front of Uptrakit, covering trusted proxy enforcement, header trust, and mTLS precedence.
  • SSH Agent Secret Storage — How the SSH-backed agent stores and protects SSH credentials using independent envelope encryption and AES-256-GCM.
  • Sudoers Management — How Uptrakit generates and manages per-command sudoers drop-in files on remote SSH hosts, avoiding NOPASSWD:ALL grants.
  • Notification Subsystem Security — Security model for notification channels covering secret storage, webhook HMAC signing, Telegram callback verification, and tenant isolation.
  • Audit Log Security — Uptrakit uses semantic audit logs with durable, mutation-first records of security-relevant actions and outcomes.
  • GitHub Actions Attestation Verification — Uptrakit can verify GitHub Actions Sigstore-based SLSA attestations for software releases to protect against supply-chain attacks.
  • Interactive Updates Security — Security model for interactive update sessions, which grant stdin access equivalent to shell access on a remote host.
  • Master Key Rotation — Guide for rotating the master encryption key (KEK) for the controller and SSH agent using O(1) envelope encryption re-wrapping.
  • Shared Surface Security — Shared surface security, enforced by fail-closed contract admission, per-request authorization, and transport controls.
  • Zero-Configuration Discovery Security — Threat model and security mitigations for Uptrakit's mDNS/DNS-SD zero-configuration discovery feature.