The Security Subsystem is responsible for managing the core security primitives of the SRE, specifically focusing on identity, authentication, and secret management. It works in close conjunction with the SRE Security Model to provide a comprehensive security posture.
All services within the Security subsystem are accessed via the SRE.Security namespace.
The Vault service provides a secure, unified interface for storing and retrieving secrets, such as API keys, database passwords, and other sensitive credentials. By using the Vault service, agents and the SRE core can avoid hardcoding secrets in configuration or code.
The connector model allows the SRE to fetch secrets from various secure backends without changing the application logic.
IVaultConnectorSRE.Security.VaultJSONFileVaultConnector (for local development), HashiCorpVaultConnector, AWSSecretsManagerConnectorThe Account service is responsible for managing identity and authentication. It provides a way to verify the identity of a user or agent and to manage their associated data.
This service is critical for any multi-user or multi-agent environment where authentication is required before granting access to resources.
IAccountConnectorSRE.Security.AccountDummyAccountConnector (for local development, allows all access), JSONFileAccountConnector