Safety and Security
Security baseline for operating and selling AiCordCloud.
API key handling
- Never commit API keys to Git
- Use a secrets manager in production
- Rotate tenant keys on schedule
Access control
- Restrict panel and server access with least privilege
- Restrict management commands to owner/admin users
Runtime guardrails
- Request timeouts
- Per-tenant rate limits
- Queue and backpressure controls
Logging policy
- Log status code, latency, tier, upstream route
- Never log full secrets
- Keep timelines for postmortems