Security Overview
SpaceOS implements defense-in-depth security across all layers of the platform.
Authentication & Authorization
- OTP-based authentication with JWT tokens
- Role-based access control (RBAC) per organization
- API keys with scoped permissions
- HMAC-SHA256 signed webhooks
Network Security
- All APIs served over HTTPS/TLS 1.2+
- On-premise IoT Adapters connected via Tailscale WireGuard VPN
- No inbound ports required for on-premise components
Data Security
- PostgreSQL databases with encryption at rest
- Secrets stored in environment variables (never in source control)
- Audit logging for all significant actions
Next Steps
- Encryption — Data encryption details
- Network Security — Network architecture