Post-Quantum Readiness

Learn how Tapistry mitigates quantum-era risks and tracks PQC adoption. The detailed roadmap lives in docs/security/POST_QUANTUM_READINESS.md.

Highlights

  • Access tokens default to a 5-minute lifetime (service tokens 15 minutes, refresh tokens 24 hours) to keep replay windows tight.
  • The JWT signing algorithm is configurable (`ES256`, `ES384`, `RS256`, `EdDSA`), with ES384 as the hosted default.
  • Terraform exposes the active ALB TLS policy (`alb_tls_policy`) so hybrid ECDHE+Kyber suites can be adopted the moment AWS ships them.
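
The token-lifetime and signing-algorithm bullets above can be checked on the receiving side before signature verification. The following is an added example, not Tapistry's own code: the function names, the `token_type` argument and the sample tokens are assumptions, and only the algorithm set and lifetime limits come from the list.

```python
import base64
import json

# Values from the Highlights list; the function and argument names are assumptions.
ALLOWED_ALGS = {"ES256", "ES384", "RS256", "EdDSA"}
MAX_TTL_SECONDS = {"access": 5 * 60, "service": 15 * 60, "refresh": 24 * 3600}


def _decode_segment(segment):
    """Decode one base64url JWS segment (padding restored) into a JSON value."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def policy_violations(token, token_type, configured_alg="ES384"):
    """Return policy violations for a compact JWS; an empty list means it passes.

    Pre-check only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 segments)"]
    try:
        header, claims = _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]

    problems = []
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        problems.append(f"alg {alg!r} is outside the configurable set")
    elif alg != configured_alg:
        problems.append(f"alg {alg!r} differs from configured {configured_alg!r}")

    iat, exp = claims.get("iat"), claims.get("exp")
    limit = MAX_TTL_SECONDS[token_type]
    if not isinstance(iat, (int, float)) or not isinstance(exp, (int, float)):
        problems.append("iat/exp missing or non-numeric")
    elif not 0 < exp - iat <= limit:
        problems.append(f"lifetime {exp - iat}s is outside (0, {limit}] for {token_type}")
    return problems


def make_sample(alg, iat, exp):
    """Build a constructed sample token with a dummy signature, for the demo."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc({'iat': iat, 'exp': exp})}.c2ln"
```

Pinning the accepted `alg` to the single configured value, rather than to the whole configurable set, rejects tokens whose header names a different algorithm than the deployment signs with.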