Compliance

Secret and key management

Dynafloxis must keep secrets out of source control and define a rotation/recovery policy before it can be treated as high-assurance.

Tasks

  • Store secrets in a managed secret store or vault.
  • Rotate customer-impacting keys on a defined schedule.
  • Rotate compromised or exposed keys immediately.
  • Keep encryption-at-rest enabled for all sensitive stores.
  • Prevent secret values from appearing in logs, exception payloads, or exports.