Security & Trust
Security and transparency are core to the LayerRail mission. The control plane is open source precisely so that you (and auditors) can inspect how we provision infrastructure and generate evidence.
Practices
- Encryption in transit (TLS 1.3) and at rest for state and secrets.
- Project-scoped identity and access management (Rodauth).
- Minimal privilege for workers; no long-lived privileged credentials where avoidable.
- Deployment passports provide a tamper-evident trail of every provisioning action.
Responsible Disclosure
Please report vulnerabilities to security@layerrail.com. We aim to acknowledge reports within 48 hours and coordinate fixes publicly when appropriate. See SECURITY.md in the GitHub repository for the full policy.
Compliance Direction
We are pursuing SOC 2 Type I and maintain GDPR-aligned data practices. Because the control plane is open, many controls can be verified directly by reading the code.