1,002 B
---\n---\n\n## Security Deep Dive: Authentication & Authorization\n\nplaintext\nUser Login → JWT Token (RS256) →\n ↓\nCedar Policy Engine →\n ↓\nFine-Grained RBAC +\nContext-Aware Rules →\n ↓\nResource Access Control\n\n\nBenefit: Enterprise-grade without complexity\n\n---\n\n## Security Deep Dive: Secrets Management\n\nDynamic Secrets\n\n- AWS STS credentials (auto-rotated)\n- SSH key generation (per-session)\n- Database credentials (TTL-managed)\n\nKMS Integration\n\n- Multiple backends: RustyVault, Age, AWS KMS, Vault, Cosmian\n- Envelope encryption (data + key separation)\n- Automatic key rotation policies\n\n---\n\n## Security Deep Dive: Audit & Compliance\n\nbash\n# Audit everything\nprovisioning audit query --user alice --action deploy --from 24h\n\n# GDPR data export\nprovisioning compliance gdpr export alice\n\n# Compliance reports\nprovisioning compliance report --standard SOC2\n\n\nStandards: GDPR, SOC2, ISO 27001, incident response