Security Considerations

The initial configurations of TrustGraph have the following security characteristics:

Boundary Condition Consideration
External access

It is necessary to consider the external access in the TrustGraph deployment:

  • Docker Compose / Podman Compose: You should take care when using such a deployment on a host which is directly addressable from the internet. It is possible that services will be directly accessible from the internet.
  • Scaleway: The Kubernetes deployment does not have any external access enabled. Access is only possible through kubectl port-forwarding using your Kubernetes credentials.
  • OVHcloud: The Kubernetes deployment does not have any external access enabled. Access is only possible through kubectl port-forwarding using your Kubernetes credentials.
  • GCP: The Kubernetes deployment does not have any external access enabled. Access is only possible through kubectl port-forwarding using your Kubernetes credentials.
  • Azure AKS: The Kubernetes deployment does not have any external access enabled. Access is only possible through kubectl port-forwarding using your Kubernetes credentials.
  • AWS EC2: The provided configuration has a security group configuration which does not permit external access.
  • AWS RKE: The provided configuration has a security group configuration which does not permit external access.
Ensure you understand whether TrustGraph services are exposed to the network outside of your host, and always verify you understand the network security controls applied by your cloud environment.
Service credentials Internal services such as Cassandra and Pulsar are deployed without service-level credentials, relying on network isolation to prevent unauthorised access. Workspace isolation provides structural data separation through per-workspace pub/sub queues and storage partitioning. For complex multi-tenant environments consider understanding the extra security features which are available in services. See Workspaces & Data Isolation for details on the data separation model.
Gateway authentication The API gateway enforces authentication on all requests using Authorization headers. Two credential types are supported: API keys (long-lived tokens with a tg_ prefix) and username/password login which issues temporary JWT tokens. Pay close attention to user access control management. Ensure that API keys are handled and distributed only through secure channels. Prefer username/password authentication for ordinary users so that only temporary tokens are in circulation.
IAM bootstrap token On first cold start, TrustGraph creates an initial security account using the IAM_BOOTSTRAP_TOKEN environment variable. This token is only used for initial setup — once the system is running, additional accounts can be created and tokens changed through the workbench. Treat the bootstrap token as a sensitive credential. In Pulumi-based deployments it is auto-generated and retrievable via pulumi stack output. For compose deployments, choose a strong token value. Consider rotating or replacing the bootstrap credentials once the system is operational.

Enterprise Support

Enhanced security support for TrustGraph is available from KnowNext at https://knownext.io. See also Security for the broader security architecture and enterprise IAM capabilities.