Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Security Operations Baseline

Operator security baseline: security-relevant knobs in a single operational contract — safe defaults, fail-closed gates, observability points (sys.settings).

Sources

Defaults

  • server.addr = 127.0.0.1:5152 as the safe default.
  • Remote bind is forbidden by default without an explicit insecure override.
  • TLS is opt-in by default; for remote bind, policy may require TLS fail-closed.

Required fail-closed gates

  1. Remote bind without allow_insecure must fail startup.
  2. Password auth without TLS must fail startup.
  3. Runtime settings changes (sys.set_setting) require the session_settings role (RM-0.6.4.16).

Knobs registry (operator highlights)

  • [security] allow_insecure, [security] dev_mode
  • [tls] enabled, [tls] cert_path, [tls] key_path, [tls] require_on_remote_bind
  • ANGARABASE_AUTH_MODE, ANGARABASE_TLS_ENABLE
  • ANGARABASE_TDE_ENABLE, ANGARABASE_TDE_MASTER_KEY_ID
  • ANGARABASE_AUDIT_LOG_PATH, ANGARABASE_AUDIT_DML_MODE

Secrets (for example, ANGARABASE_AUTH_PASSWORD, master key) must not appear in sys.settings.

Security modes matrix

  • Local + strict/group_commit: allowed.
  • Local + relaxed durability: allowed with warning.
  • Remote bind: only with explicit override and warning.
  • Remote bind + relaxed: only with override and stronger warning.

Threat model and evidence

Threat inventory and evidence pointers are in the Operational policies baseline.

Next