tAPIstry
Back to docs index

Security & Guardrails

Tapistry layers controls across build, runtime, and marketplace experiences so creators and consumers can trust the platform.

Key assets we protect

  • User-uploaded function code and container images.
  • Platform credentials: JWTs, platform keys, and third-party tool secrets (PMK, DMK, UBYOK).
  • Billing data, usage analytics, and audit logs.

Threat model highlights

  • Sandbox isolation: Functions run in non-root containers with read-only filesystems, resource limits, and seccomp profiles.
  • Network controls: Deny-by-default egress with hostname/path allowlists and audit logging for every external call.
  • Credential safety: Scoped credential injection via the egress proxy plus encrypted storage for long-lived secrets.
  • Supply chain defense: SBOM generation, vulnerability scanning, image signing, and SLSA attestations on every build.
  • RBAC and API keys: Scoped platform keys per environment, short-lived JWTs, and admin action auditing prevent privilege escalation.

Credential management modes

  • Platform-managed keys (PMK): Tapistry provisions subaccounts (e.g., Twilio, SendGrid) and injects credentials during egress so creators never handle secrets directly.
  • Developer-managed keys (DMK): Creators store their own vendor keys in the encrypted credential vault and accept ToS responsibility.
  • User-managed keys (UBYOK): End users connect personal accounts; APIs receive scoped tokens via the egress proxy at invocation time.

Need implementation detail? Read the Credential Management Modes guide for step-by-step configuration of PMK, DMK, and UBYOK flows.

Transport Security

  • External traffic terminates at the AWS ALB using TLS 1.3 with automatic HTTP→HTTPS redirects.
  • PostgreSQL and Redis connections require TLS (`sslmode=require`, `rediss://`) by default.
  • NATS messaging supports TLS endpoints with optional mutual authentication via `NATS_TLS_*` variables.
  • CloudWatch log groups and RDS storage are encrypted with customer-managed KMS keys.

Operational safeguards

  • Rate limiting and quotas at gateway, service, and tenant layers reduce DoS risk.
  • Monitoring fan-out through SNS, Slack, and PagerDuty keeps teams informed about anomalies.
  • Audit trails capture every credential access, marketplace promotion, and admin action.

Dig into the threat model and the secrets management guide for complete details.