Security

Security is the product

Every change is attributable. Every secret is injected, never stored in plain text. Every endpoint is TLS-only.

Append-only audit log

Every mutation is recorded with attribution to a user, admin session, API token or webhook, together with a JSON diff of the before/after state. Records are never edited or deleted. Streaming export is available for SIEM integration.
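As an added illustration of the mechanism just described (example code written for this page, not ip·Solis code), the block below builds an append-only audit record with an attributed actor and a per-key JSON diff. The actor kinds, the field names, the SECRET_KEYS convention and the JSONL export shape are assumptions; the one design point worth noticing is that the diff is computed on the raw values and masked afterwards, so a rotated credential still shows up as a change without its value ever being written.

```python
# Added example for this page: an append-only audit log that attributes each
# mutation and stores a JSON before/after diff with secret fields redacted.
# Not ip·Solis code; actor kinds, field names, SECRET_KEYS and the JSONL
# export shape are assumptions made for the illustration.
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Any, Callable

ACTOR_KINDS = {"user", "admin_session", "api_token", "webhook"}
# Assumed naming convention for fields that must never reach a log or diff.
SECRET_KEYS = {"password", "api_key", "client_secret", "token"}
REDACTED = "[REDACTED]"


def redact(value: Any) -> Any:
    """Replace secret-named fields in nested dicts/lists with a placeholder."""
    if isinstance(value, dict):
        return {k: (REDACTED if k in SECRET_KEYS else redact(v)) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value


def json_diff(before: dict, after: dict) -> dict:
    """Per-key diff {key: {"before": old, "after": new}} for keys that changed.

    Computed on the raw values so a rotated secret still registers as a
    change; secret keys are then masked on both sides, so the record proves
    the secret changed without ever storing it.
    """
    diff: dict = {}
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old == new:
            continue
        if key in SECRET_KEYS:
            diff[key] = {"before": None if old is None else REDACTED,
                         "after": None if new is None else REDACTED}
        else:
            diff[key] = {"before": redact(old), "after": redact(new)}
    return diff


@dataclass(frozen=True)
class AuditRecord:
    seq: int
    at: str
    actor_kind: str
    actor_id: str
    entity: str
    entity_id: str
    diff: dict


class AuditLog:
    """Append-only: records are added, never updated or deleted."""

    def __init__(self, clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self._records = []
        self._clock = clock  # injectable so tests get deterministic timestamps

    def record(self, actor_kind: str, actor_id: str, entity: str, entity_id: str,
               before: dict, after: dict) -> AuditRecord:
        if actor_kind not in ACTOR_KINDS:
            raise ValueError(f"unknown actor kind: {actor_kind!r}")
        rec = AuditRecord(
            seq=len(self._records) + 1,
            at=self._clock().isoformat(),
            actor_kind=actor_kind, actor_id=actor_id,
            entity=entity, entity_id=entity_id,
            diff=json_diff(before or {}, after or {}),
        )
        self._records.append(rec)
        return rec

    def records(self) -> tuple:
        # Callers get a snapshot; there is deliberately no update/delete API.
        return tuple(self._records)

    def export_jsonl(self) -> str:
        """One JSON object per line, the shape a SIEM forwarder can stream."""
        return "\n".join(json.dumps(asdict(r), sort_keys=True) for r in self._records)


if __name__ == "__main__":
    log = AuditLog()
    log.record("api_token", "tok_reporting", "integration", "jira",
               {"url": "https://old.example", "api_key": "hunter2"},
               {"url": "https://new.example", "api_key": "s3cret"})
    print(log.export_jsonl())
```

The export is plain JSONL so it can be tailed or shipped by any log forwarder; the secret values themselves never appear in it, only the fact that the masked key changed.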

Role-based access control

Admin users carry explicit roles for the portal, admin and operator personas. The principle of least privilege governs every screen and every API endpoint.

Scoped API tokens

API tokens carry scopes. A read-only reporting token cannot mutate state. Tokens can be rotated and revoked from the admin UI, and every API call is captured in the audit log.

Secret handling

Integration credentials are stored in the app_config table (not in environment variables or container images) and can optionally be resolved from an external secret store (Vault, CyberArk, Azure Key Vault, AWS Secrets Manager, or Conjur) with a 60-second TTL cache. Secrets never appear in logs or the audit diff.
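As an added example of the resolution path described above (written for this page, not ip·Solis code), the block below resolves a credential from an app_config row through a short TTL cache in front of an external store. The row shape (a literal "value" or an external "ref"), the store being a plain callable, the invalidate() hook and the fail-closed behaviour on store errors are all assumptions; the 60-second TTL is the figure stated on this page.

```python
# Added example for this page: resolve an integration credential from an
# app_config row, optionally via an external secret store, with a 60 s TTL
# cache. Not ip·Solis code; the row shape, the store callable, invalidate()
# and the fail-closed policy are assumptions made for the illustration.
import time
from typing import Callable, Optional

TTL_SECONDS = 60.0  # the cache lifetime stated on the page


class SecretResolver:
    """Return credentials from app_config, resolving external refs via a store.

    app_config maps a credential name to a row that is either
    {"value": "..."} (stored literally) or {"ref": "..."} (resolved from the
    external store). Resolved values are cached for `ttl` seconds; after that
    the store is asked again, so a rotation or revocation made in the store
    is observed within one TTL at most.
    """

    def __init__(self, app_config: dict, store: Optional[Callable[[str], str]] = None,
                 ttl: float = TTL_SECONDS, clock: Callable[[], float] = time.monotonic):
        self._cfg = app_config
        self._store = store
        self._ttl = ttl
        self._clock = clock          # injectable for deterministic tests
        self._cache = {}             # name -> (value, expires_at)
        self.store_calls = 0         # observable count of backend lookups

    def get(self, name: str) -> str:
        row = self._cfg[name]
        if "ref" not in row:
            return row["value"]
        if self._store is None:
            raise RuntimeError(f"{name} references an external store but none is configured")
        now = self._clock()
        hit = self._cache.get(name)
        if hit is not None and now < hit[1]:
            return hit[0]
        # Fail closed: if the store errors, propagate rather than serve a stale
        # value past its TTL, which could outlive a revocation.
        value = self._store(row["ref"])
        self.store_calls += 1
        self._cache[name] = (value, now + self._ttl)
        return value

    def invalidate(self, name: Optional[str] = None) -> None:
        """Drop cached entries so the next get() re-resolves immediately,
        e.g. right after an operator rotates a credential."""
        if name is None:
            self._cache.clear()
        else:
            self._cache.pop(name, None)


if __name__ == "__main__":
    cfg = {"jira": {"ref": "vault:kv/jira#api_key"}, "local": {"value": "literal"}}
    r = SecretResolver(cfg, store=lambda ref: "resolved-" + ref)
    print(r.get("local"), r.get("jira"), r.store_calls)
```

The cache bounds the blast radius of a revocation to one TTL; if your rotation procedure can call invalidate(), the window drops to zero for the rotating process, which is why the hook is exposed even though callers normally only use get().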

SBOM and supply chain

Container images are built reproducibly and scanned on every release.

Responsible disclosure

Found something? Email us. We acknowledge within one business day, and we will credit you in the changelog if you would like.

security@xenpool.de
Security is the product — ip·Solis