Encryption & Key Management
Encryption and key management principles.
SupraOS is designed to protect data in transit and at rest using standard enterprise security patterns. Key management options may vary by deployment model and engagement.
Encryption principles
- Encrypt data in transit using modern TLS configurations.
- Encrypt stored data where supported by the deployment platform.
- Protect secrets and credentials using managed secret storage.
- Separate credentials by environment and customer context where appropriate.
- Limit access to secrets to services and personnel with a need to operate the environment.
Secrets and connector credentials
- Scoped to the minimum required permissions.
- Stored in secure secret-management infrastructure.
- Rotatable.
- Revocable.
- Auditable where supported.
- Segmented from unrelated environments.
Customer-managed keys
Customer-managed key options may be evaluated for qualified enterprise deployments. Availability depends on architecture, hosting model, and customer agreement. SupraOS does not claim universal customer-managed key support unless confirmed in writing.
Need deeper diligence?
Qualified evaluators can request security review materials or start with a read-only Company Scan.