Security Operations Baseline
Operator security baseline: security-relevant knobs in a single operational
contract — safe defaults, fail-closed gates, observability points
(sys.settings).
Sources
- Configuration schema reference — the full configuration schema.
- Operational policies baseline — security governance.
- The runtime settings surface is visible via
sys.settings.
Defaults
server.addr = 127.0.0.1:5152as the safe default.- Remote bind is forbidden by default without an explicit insecure override.
- TLS is opt-in by default; for remote bind, policy may require TLS fail-closed.
Required fail-closed gates
- Remote bind without
allow_insecuremust fail startup. - Password auth without TLS must fail startup.
- Runtime settings changes (
sys.set_setting) require thesession_settingsrole (RM-0.6.4.16).
Knobs registry (operator highlights)
[security] allow_insecure,[security] dev_mode[tls] enabled,[tls] cert_path,[tls] key_path,[tls] require_on_remote_bindANGARABASE_AUTH_MODE,ANGARABASE_TLS_ENABLEANGARABASE_TDE_ENABLE,ANGARABASE_TDE_MASTER_KEY_IDANGARABASE_AUDIT_LOG_PATH,ANGARABASE_AUDIT_DML_MODE
Secrets (for example, ANGARABASE_AUTH_PASSWORD, master key) must not appear in sys.settings.
Security modes matrix
- Local + strict/group_commit: allowed.
- Local + relaxed durability: allowed with warning.
- Remote bind: only with explicit override and warning.
- Remote bind + relaxed: only with override and stronger warning.
Threat model and evidence
Threat inventory and evidence pointers are in the Operational policies baseline.
Next
- Operational policies baseline — where the policies underlying security operations.
- Backup and restore (operator-level) — data protection as part of the SecOps perimeter.
- Disaster recovery playbook — security incidents as a DR case.