Skip to content

Security Architecture

Security Architecture

SSH-KLM is designed with security as a core principle.

Security Layers

┌─────────────────────────────────────────┐
│          Network Security               │
│  TLS 1.3 │ mTLS │ Firewall │ VPN       │
├─────────────────────────────────────────┤
│        Authentication Layer             │
│  JWT │ API Keys │ SSO │ MFA            │
├─────────────────────────────────────────┤
│        Authorization Layer              │
│  RBAC │ Policies │ Attribute-based     │
├─────────────────────────────────────────┤
│          Data Protection                │
│  Encryption at Rest │ Key Management   │
├─────────────────────────────────────────┤
│          Audit & Monitoring             │
│  Logging │ SIEM │ Alerting             │
└─────────────────────────────────────────┘

Encryption

In Transit

Connection	Protocol	Cipher
Client → API	TLS 1.3	AES-256-GCM
Agent → Server	mTLS	AES-256-GCM
Internal services	TLS 1.2+	AES-256

At Rest

Data	Encryption
SSH Private Keys	AES-256-GCM
Database	TDE (Transparent Data Encryption)
Backups	AES-256 + GPG

Authentication

API Authentication

// JWT token structure
{
  "sub": "user@example.com",
  "iat": 1704528000,
  "exp": 1704531600,
  "roles": ["operator"],
  "permissions": ["keys:read", "keys:rotate"]
}

Agent Authentication

mTLS with client certificates
Certificate rotation every 90 days
Certificate pinning supported

Authorization (RBAC)

Role	Permissions
Viewer	Read hosts, keys
Operator	+ Trigger discovery, rotation
Admin	+ Manage policies, users
Super Admin	+ System configuration

Key Material Handling

Generation: Keys generated using cryptographically secure RNG
Storage: Encrypted with envelope encryption
Transmission: Only over encrypted channels
Deletion: Secure wipe with multiple passes

Audit Trail

All actions logged with:

Timestamp (UTC)
Actor identity
Action performed
Resource affected
Source IP
Result (success/failure)

Compliance

SSH-KLM supports compliance with:

SOC 2 Type II
PCI-DSS
HIPAA
GDPR