Security Model & Features

This page describes the security architecture and features built into OpenCore, and provides guidance on how to deploy and operate the platform in a secure, enterprise‑grade manner.

Authentication & Authorization

OpenCore enforces strong authentication and fine‑grained authorization to ensure that only permitted users and services can access resources (data, queues, agents, etc.).

  • Access Control Lists
    • Users: Everything revolves around a user; if no user is supplied and guest accounts are enabled, the system runs as the Guest user.
    • Roles: All message queues, work‑item queues, and every object in the database has an Access Control List associated with it that controls who can do what. OpenCore supports nested roles to handle complex permission schemas.

Single Sign‑On (SSO) & Identity Providers

  • Supported Protocols
    • OpenID Connect (OIDC)
    • SAML 2.0
    • LDAP/Active Directory

  • Configuration
    You can add any number of federation providers under “Providers” in the OpenCore web interface. For apps and websites that need to authenticate users, you can register one or more OAuth clients via the web interface, or use one of the built‑in client IDs (agent, webapp, openapi).

  • Multi‑Factor Authentication (MFA)
    We highly recommend enabling MFA policies for all users with access to the system.

API Tokens & JWT

  • Token Issuance
    Clients authenticate via SSO or service credentials, then receive a signed JWT containing user identity and roles.
  • Token Validation
    JWTs are validated on every API request. Tokens have a default 15‑hour expiry, and all client SDKs automatically refresh them.
  • Token Introspection
    OpenCore can accept and validate tokens issued by external identity providers.

Data Security

OpenCore protects your data both in transit and at rest.

Encryption In Transit

  • TLS Everywhere
    All network communication—API calls, WebSocket connections, inter‑service messaging—requires TLS.
  • Mutual TLS (mTLS)
    For highly secure deployments, you can enable mTLS between OpenCore services and agents.

Encryption At Rest

  • Database Encryption
    MongoDB data files can be encrypted using the WiredTiger Encrypted Storage Engine. Configure a key management provider (KMIP, AWS KMS, etc.) in your MongoDB replica set. Alternatively, OpenCore can optionally encrypt sensitive payloads using AES‑256 to ensure they are never stored in clear text.
  • Environment Isolation
    Avoid embedding secrets in container images. Always generate credentials within OpenCore and manage them centrally.

Secure Deployment Best Practices

Follow these guidelines to harden your OpenCore installation:

TLS Certificates

  1. Use certificates signed by a trusted CA (internal or public). We use Let’s Encrypt by default.
  2. Automate renewal with Let’s Encrypt or your internal PKI.

Network Hardening

  • Firewall Rules
    Allow only necessary ports (e.g., 443 for API) and do not expose any other services publicly.
  • Zero‑Trust Networking
    Place OpenCore components in a segmented network; use a service mesh (e.g., Istio) for policy enforcement in Kubernetes.
  • Trusted Execution Environment
    In highly sensitive environments, consider running OpenCore in a trusted execution environment such as Talos or Kata Containers.

Container & Host Security

  • Run containers with a non‑root user, or use OpenShift, which enforces non‑root execution by default.
  • Keep host OS and dependencies up to date with security patches.
  • Use local artifact repositories to conserve bandwidth and avoid pushing internal code to external providers. (Docker registries, npm, PyPI, Conan, etc., all have on‑premise options.)

Compliance & Audit Logging

OpenCore provides comprehensive audit capabilities to meet regulatory and compliance requirements.

Audit Logs

  • What’s Logged
    • User logins and logouts
    • API calls (who, what, when)
    • Workflow and agent lifecycle events
  • Storage & Retention
    Logs are written to a dedicated, immutable collection (audit). You can configure a TTL on this time‑series collection to expire old entries.
  • External SIEM Integration
    You can forward logs and performance data to Elasticsearch, Splunk, Datadog, etc., using the OpenTelemetry Collector.

Compliance Frameworks

  • GDPR
    • Data subject access requests can be audited through the log viewer and version history.
    • Data retention policies can be enforced via TTL settings.
    • Sensitive data can be purged from the system using administrative tools.
  • PCI DSS
    • Enforce TLS 1.2+ for all data in transit.
    • Restrict administrative access to authorized personnel only.
  • HIPAA
    • Covered entities can leverage audit logs and encryption features to satisfy data access and integrity requirements.
  • FedRAMP
    • Details on FedRAMP compliance are forthcoming.

Vulnerability Management & Security Policy

Reporting a Vulnerability

If you discover any security issues, please let us know by one of the following methods:

  • GitHub Private Security Advisories
    Submit a private advisory on this repository.
  • Email
    Send an email to security@openiap.io.

We aim to acknowledge all valid reports within 48 hours.

Supported Versions

We actively provide security fixes for the two most recent major releases.
If you’re running an older version, please upgrade to continue receiving important updates.

Security Updates

  • GitHub Security Advisories
    Subscribe to be notified of any published advisories.
  • Dependabot & Automated Scans
    We use Dependabot and GitHub’s code-scanning tools to catch vulnerabilities early.
  • Third-Party Review & Penetration Testing
    We engage with independent auditors—hired by organizations using our platform—to perform annual code reviews and active penetration tests.

Disclosure & Bounty

  • Public disclosure is encouraged once a fix is available.
  • We do not currently run a paid bug-bounty program.

Thank you for helping us keep the project secure!

Summary of Best Practices

Area Recommendation
Authentication Enforce SSO (OIDC/SAML); enable MFA
Authorization Use RBAC; define least‑privilege roles
Encryption TLS everywhere; enable mTLS; encrypt data in API & database
Secrets Management Avoid hard‑coded credentials
Network & Host Hardening Restrict ports; run non‑root containers; apply patches
Auditing & Compliance Enable audit logging; integrate with SIEM; configure TTLs
Vulnerability Management Subscribe to advisories; enable Dependabot; patch promptly

By following these guidelines and leveraging OpenCore’s built‑in security features, you can deploy a robust, compliant, and secure automation platform suitable for enterprise environments.