Security: rikulauttia/swarmops

SECURITY.md

Security

Current MVP Security Posture

AegisMesh MVP uses NATS username/password authentication for simplicity in local dev/test environments. TLS is disabled by default.

⚠️ This is NOT production-ready for adversarial networks.

Roadmap: Adding mTLS + SPIFFE/SPIRE

1. NATS mTLS

Code locations to update:

  • Agent (services/agent/src/main.rs):

    // FUTURE: Add mTLS client cert (builder methods on the `nats` crate's `Options`)
    // let nc = nats::Options::new()
    //     .add_root_certificate("path/to/ca.pem")              // CA that signed the server cert
    //     .client_cert("path/to/cert.pem", "path/to/key.pem")  // client identity for mTLS
    //     .tls_required(true)                                  // refuse plaintext connections
    //     .connect(nats_url)?;
  • Gateway (services/gateway/src/main.rs): Same pattern

  • NATS server (deploy/docker-compose.dev.yml):

    # Mount certs and update nats-server.conf:
    # tls {
    #   cert_file: "/certs/server.pem"
    #   key_file: "/certs/server-key.pem"
    #   ca_file: "/certs/ca.pem"
    #   verify: true
    # }

2. SPIFFE/SPIRE Workload Identity

  • Deploy SPIRE server (control plane) and SPIRE agent (per node)
  • Each workload (agent, gateway) gets a short-lived X.509 SVID via Unix domain socket
  • Replace hardcoded cert paths with SPIRE Workload API calls (e.g., spiffe-helper sidecar or native SDK)

Benefits:

  • Automatic cert rotation
  • Zero-trust: every workload has cryptographic identity
  • Audit trail via SPIRE server logs
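
Holding an SVID proves identity only; the receiving side still has to decide which identities may call it. The following is an added example, not code from this repository: a strict SPIFFE ID parser and allow-list check applied to the URI SAN of a peer's X.509 SVID after the mTLS handshake. The trust domain `aegismesh.example`, the `/agent` and `/gateway` paths, and all function names are assumptions; SAN extraction from the certificate is not shown.

```rust
// Added example: the trust domain, paths and function names are assumptions.
#[derive(Debug, PartialEq)]
pub struct SpiffeId { pub trust_domain: String, pub path: String }

fn td_char(c: char) -> bool {
    c.is_ascii_lowercase() || c.is_ascii_digit() || matches!(c, '.' | '-' | '_')
}
fn seg_char(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, '.' | '-' | '_')
}

/// Strict parse of spiffe://<trust-domain>/<path>. Rejects query, fragment,
/// port, userinfo, percent-encoding, empty or dot segments and trailing slash.
pub fn parse_spiffe_id(uri: &str) -> Result<SpiffeId, &'static str> {
    if uri.len() > 2048 { return Err("too long"); }
    let rest = uri.strip_prefix("spiffe://").ok_or("scheme must be spiffe")?;
    let (td, path) = match rest.find('/') {
        Some(i) => (&rest[..i], &rest[i..]),
        None => (rest, ""),
    };
    if td.is_empty() || td.len() > 255 || !td.chars().all(td_char) {
        return Err("invalid trust domain");
    }
    if !path.is_empty() {
        for seg in path[1..].split('/') {
            if seg.is_empty() || seg == "." || seg == ".." || !seg.chars().all(seg_char) {
                return Err("invalid path segment");
            }
        }
    }
    Ok(SpiffeId { trust_domain: td.to_string(), path: path.to_string() })
}

/// Authorize a peer: exact trust-domain match, then an exact path or a
/// whole-segment prefix, so "/agent" never matches "/agentx".
pub fn is_authorized(uri: &str, trust_domain: &str, allowed: &[&str]) -> bool {
    let id = match parse_spiffe_id(uri) { Ok(id) => id, Err(_) => return false };
    id.trust_domain == trust_domain
        && allowed.iter().any(|p| {
            id.path == *p || id.path.strip_prefix(*p).map_or(false, |r| r.starts_with('/'))
        })
}

fn main() {
    // Constructed sample SAN values, not taken from a real deployment.
    for uri in &["spiffe://aegismesh.example/agent/drone-7", "spiffe://aegismesh.example/agentx"] {
        println!("{} -> {}", uri, is_authorized(uri, "aegismesh.example", &["/agent"]));
    }
}
```

Anything that fails to parse is denied, so a malformed or unexpected SAN can never fall through to an allow decision.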

3. gRPC mTLS (Gateway Tasking API)

Gateway (services/gateway/src/main.rs):

// FUTURE: gRPC server with mTLS
// use tonic::transport::{Certificate, Identity, Server, ServerTlsConfig};
// let tls = ServerTlsConfig::new()
//     .identity(Identity::from_pem(cert_pem, key_pem))   // server cert + key
//     .client_ca_root(Certificate::from_pem(ca_pem));    // require client certs signed by this CA
// Server::builder().tls_config(tls)?.add_service(svc).serve(addr).await?;

UI (if using gRPC-web): Proxy (e.g., Envoy) handles mTLS termination

4. UI ↔ Gateway HTTPS

  • Add TLS termination at Gateway Axum server or reverse proxy (Traefik/Nginx)
  • Self-signed certs for dev; Let's Encrypt for staging/prod

5. Secrets Management

  • Use Vault, AWS Secrets Manager, or K8s Secrets for NATS credentials
  • Never commit secrets to Git (already .gitignore'd)

Threat Model (Future)

  • Adversary: Nation-state jamming, man-in-the-middle, rogue insider
  • Assets: Telemetry data, tasking commands, operator credentials
  • Mitigations: mTLS (confidentiality + authenticity), SPIFFE (identity), Vault (secrets), audit logs (detection)

Compliance & Standards

  • NIST SP 800-207 (Zero Trust Architecture)
  • DoD Zero Trust Reference Architecture
  • CNSSI 1253 (for classified environments, add: AES-256, FIPS 140-2 modules)

Reporting Vulnerabilities

Email security@example.com (replace with real contact). PGP key available at keybase.io/yourorg.

There aren’t any published security advisories