
Security Model

Nyk edited this page Mar 6, 2026 · 1 revision

Last reviewed: 2026-03-06
Owner: security

Use this page for security controls, responsibilities, and deployment hardening.

Authentication Methods

  • Session cookie (mc-session, login endpoint).
  • API key (x-api-key header).
  • Google Sign-In (with admin approval flow).

Authorization

Roles:

  • viewer: read-only.
  • operator: read + operational writes.
  • admin: full system operations and user/settings control.

Baseline Hardening

  1. Change default credentials before any shared deployment.
  2. Run behind a reverse proxy that terminates TLS.
  3. Restrict host/origin via MC_ALLOWED_HOSTS.
  4. Never expose unauthenticated dashboard endpoints publicly.
  5. Rotate API keys periodically.

Data and Secret Handling

  • Keep secrets in environment variables, never committed to the repository.
  • Persist runtime data in secured .data storage.
  • Restrict filesystem access to the runtime user.

Security-Sensitive Features

  • Constant-time webhook signature verification.
  • Device identity signing for gateway auth.
  • CSRF/auth network access control in proxy middleware.
  • RBAC enforcement at API layer.
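The constant-time webhook signature check listed above, as an added example that is not the project's own code. It assumes a scheme the page does not specify: HMAC-SHA256 over the raw request body, sent as a hex digest in an X-Webhook-Signature header; the secret and body below are constructed sample values.

```python
import hashlib
import hmac

# Assumed header name; the wiki page does not state the real one.
SIGNATURE_HEADER = "X-Webhook-Signature"

# Constructed sample values for a stand-alone run.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_BODY = b'{"event":"device.online","id":"dev-42"}'


def sign_body(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body, as the sender would compute it."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook_naive(secret: bytes, body: bytes, headers: dict) -> bool:
    """Weak form: '==' stops at the first differing byte, so response time
    leaks how many leading bytes of a forged signature were correct."""
    return headers.get(SIGNATURE_HEADER, "") == sign_body(secret, body)


def verify_webhook(secret: bytes, body: bytes, headers: dict) -> bool:
    """Hardened form: full-length comparison that does not depend on content.

    A missing, non-string or malformed header returns False rather than
    raising, so the caller can answer with one uniform rejection path.
    """
    provided = headers.get(SIGNATURE_HEADER)
    if not isinstance(provided, str):
        return False
    # Lower-case so a valid upper-case hex digest is still accepted; encode
    # with replacement so non-ASCII input cannot raise inside compare_digest.
    provided_b = provided.strip().lower().encode("ascii", "replace")
    expected_b = sign_body(secret, body).encode("ascii")
    # Digest length is public, so rejecting early on a length mismatch leaks
    # nothing; compare_digest then runs in time independent of the bytes.
    if len(provided_b) != len(expected_b):
        return False
    return hmac.compare_digest(provided_b, expected_b)


def demo() -> dict:
    """Exercise both verifiers on a valid, a tampered and a missing signature."""
    good = {SIGNATURE_HEADER: sign_body(SAMPLE_SECRET, SAMPLE_BODY)}
    return {
        "valid": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, good),
        "tampered": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY + b" ", good),
        "missing": verify_webhook(SAMPLE_SECRET, SAMPLE_BODY, {}),
        "naive_valid": verify_webhook_naive(SAMPLE_SECRET, SAMPLE_BODY, good),
    }
```

Both verifiers accept the same valid requests; only the timing behaviour on forged signatures differs, which is the property the hardened form protects.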

Incident Security Response

  1. Revoke compromised credentials.
  2. Rotate API keys and session secrets.
  3. Capture logs and timeline.
  4. Patch and redeploy.
  5. Document in postmortem and update this page.
