docs: align internal docs to enterprise standards
All checks were successful
CI / verify (push) Successful in 2m33s
All checks were successful
CI / verify (push) Successful in 2m33s
Add canonical operations/security/access/feature docs and fix path integrity to improve onboarding and incident readiness.
This commit is contained in:
Joseph Doherty
67
docs/features/secure-peer-transport.md
Normal file
67
docs/features/secure-peer-transport.md
Normal file
@@ -0,0 +1,67 @@
|
||||
# Feature: Secure Peer Transport
|
||||
|
||||
## Purpose and Business Outcome
|
||||
|
||||
Protect replicated data in transit with authenticated and encrypted peer communication.
|
||||
|
||||
## Scope and Non-Goals
|
||||
|
||||
Scope:
|
||||
|
||||
- Secure handshake and key establishment.
|
||||
- Message confidentiality and integrity controls.
|
||||
|
||||
Non-goals:
|
||||
|
||||
- Data-at-rest encryption.
|
||||
- Full identity and certificate lifecycle management.
|
||||
|
||||
## User and System Workflows
|
||||
|
||||
1. Operator enables secure transport components.
|
||||
2. Peers perform handshake and establish session keys.
|
||||
3. Replication traffic is encrypted/authenticated.
|
||||
4. Health and logs expose secure mode status.
|
||||
|
||||
## Interfaces, APIs, and Events Involved
|
||||
|
||||
- `IPeerHandshakeService` / secure handshake implementation
|
||||
- Network pipeline message encryption and HMAC validation
|
||||
- Startup configuration for secure mode
|
||||
|
||||
## Permissions and Data Handling
|
||||
|
||||
- Secret material (`AuthToken`, key inputs) must be restricted to authorized operators.
|
||||
- Logs must avoid plaintext secret disclosure.
|
||||
|
||||
## Dependencies and Failure Modes
|
||||
|
||||
Dependencies:
|
||||
|
||||
- Consistent security mode across peers
|
||||
- Valid runtime cryptographic dependencies
|
||||
|
||||
Failure modes:
|
||||
|
||||
- Secure/plaintext mode mismatch
|
||||
- Handshake failure due to key/token mismatch
|
||||
|
||||
## Monitoring, Alerts, and Troubleshooting Pointers
|
||||
|
||||
- Alert on repeated handshake failures.
|
||||
- Use [Runbook](../runbook.md) for incident triage and [Troubleshooting](../troubleshooting.md) for remediation.
|
||||
|
||||
## Rollout and Change Considerations
|
||||
|
||||
- Enable secure mode in staging first.
|
||||
- Roll production nodes in controlled order to avoid mixed-mode partitions.
|
||||
|
||||
## Validation and Testability Guidance
|
||||
|
||||
- Add tests for secure-to-secure success and mixed-mode rejection.
|
||||
- Validate encrypted cluster startup and sync with production-like load.
|
||||
|
||||
## Related Security Controls
|
||||
|
||||
- [Security](../security.md)
|
||||
- [Access and Permissions](../access.md)
|
||||
Reference in New Issue
Block a user