docs: create deployment security hardening guide #46

@salishforge

Summary

No comprehensive deployment hardening guide exists. Operators need guidance on:

  1. Required environment variables for production (AUDIT_HMAC_KEY, ADMIN_TOKEN, OAUTH2 config)
  2. PostgreSQL hardening (RLS, connection limits, TLS)
  3. Redis hardening (AUTH, TLS, network isolation)
  4. HTTPS enforcement and reverse proxy configuration
  5. Network segmentation (LLM providers, database, Redis)
  6. Backup and disaster recovery for memory data
  7. Monitoring and alerting on security events

Deliverable

Create DEPLOYMENT-SECURITY.md with production checklist and reference architecture.

Labels: documentation (Improvements or additions to documentation), good first issue (Good for newcomers), security (Security improvements)
