Security
Midcore is designed with security in mind: no hardcoded secrets in code, audit events for privileged actions, and gates that enforce invariants such as tenancy and RBAC. This page summarizes practices and configuration you control.
Secrets and credentials
- Do not commit API keys, tokens, or passwords to the repository. Use environment variables or a secret manager and reference them by name.
- Rotate credentials periodically and revoke any that may have been exposed.
- In CI, use pipeline secrets (e.g. GitHub Secrets) and restrict access to the minimum required.
Config files
Audit and logging
Privileged actions (e.g. gate runs, scope changes, admin operations) can be logged for audit. Configure log level and retention to meet your compliance needs. In self-hosted deployments, ship logs to your SIEM or log aggregator. Do not log secrets or full request/response bodies; log correlation IDs and action types instead.
Network and access
| Practice | Description |
|---|---|
| TLS everywhere | Use HTTPS for all API and UI traffic; avoid plain HTTP in production. |
| Least privilege | Grant users and API keys only the permissions they need. |
| Network policies | In self-hosted, restrict which services can talk to which; lock down egress if required. |
| Tenancy | Gates and data access respect tenant boundaries; no cross-tenant access. |
Gates and invariants
Gates can enforce security-related invariants (e.g. no hardcoded secrets, RBAC checks, tenancy). Define and run these gates in .maestro/gates.yaml and run midcore gates run in CI so failures block releases. See Gates reference and Gates & evidence.
Security checklist
- Secrets in env or secret manager only; never in repo or logs.
- Auth and RBAC configured; SSO/OIDC if required.
- TLS for all production endpoints.
- Audit logging enabled and retained per policy.
- Gates that enforce security invariants run in CI.
- Dependencies and images kept up to date; patch known vulnerabilities.