
Security Fundamentals

Core Concepts

This section defines the foundational security models and mechanisms of the OpenBao Operator, establishing the baseline for secure operations.

Security Model

The Operator implements a Defense-in-Depth strategy, ensuring security at multiple layers:

  1. Threat Modeling: Proactive identification of attack vectors and mitigations.
  2. Profiles: Pre-configured security postures (Development vs. Hardened).
  3. Secrets: Secure lifecycle management for root tokens and auto-unseal keys.

Topics

  • Threat Model

    Detailed analysis of trust boundaries, potential threats, and architectural mitigations.


  • Security Profiles

    Comparison of development versus hardened profiles and their impact on cluster configuration.


  • Secrets Management

    How the Operator generates, encrypts, and rotates sensitive credentials like Root Tokens and Recovery Keys.


See Also