-
Notifications
You must be signed in to change notification settings - Fork 0
feat(security): secret-at-rest via host IDataProtectionProvider (M3c) #72
Copy link
Copy link
Open
Labels
area:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Description
Metadata
Metadata
Assignees
Labels
area:securitySSRF guard, signing, secret-at-rest, receiver verifySSRF guard, signing, secret-at-rest, receiver verifypriority:p2Normal priorityNormal priorityreadyHas acceptance criteria + DoD; pickable by the loopHas acceptance criteria + DoD; pickable by the looprisk:criticalSSRF/signing/secret/public-API/migrations; review + design (Opus, max)SSRF/signing/secret/public-API/migrations; review + design (Opus, max)type:featNew featureNew feature
Part of #9 (M3 epic). Decomposed slice M3c.
risk:critical— human-merge + design update. Notagent-labelled yet. Independent of M3a/M3b.Acceptance criteria
IDataProtectionProvider(encrypt on store, decrypt on use).Definition of done
Design: docs/concepts/security.md.