Security / Security Model

Start from the trust model before you choose controls.

This section explains what the operator is trying to defend, which production posture it considers safe, and how trust material such as root tokens, unseal keys, and bootstrap identities should behave across the lifecycle.

Read the threat modelReview production posture

Use this section when you need to

• understand the security assumptions behind the operator architecture
• decide what Hardened actually means before you deploy it
• review how bootstrap and unseal trust material is handled
• anchor security review conversations before diving into RBAC or network policy details

Security model routes

1. 01

   Threat model

   Read the trust boundaries, attacker assumptions, and design mitigations behind the operator.

   Open
2. 02

   Production posture

   Understand what Development and Hardened actually mean, and why Hardened is the supported production contract.

   Open
3. 03

   Secrets and trust material

   Review how root tokens, unseal keys, and bootstrap credentials are created, stored, or intentionally avoided.

   Open

Next actions

Open platform controlsMove from the trust model into the Kubernetes controls that enforce it.Configure security profilesSwitch to the user-guide task page when you are ready to set spec.profile on a real cluster.