Security

This document covers the current status of security measures. * [Helm chart trust chain](#helm-chart-trust-chain) * [Kubernetes security enforcements](#kubernetes-security-enforcements) * [Network policies](#network-policies) # Helm chart trust chain Helm charts are signed and validated against GPG keys in `helmfile/files/gpg-pubkeys`. For more details on Chart validation, please visit: https://helm.sh/docs/topics/provenance/ All charts except the ones mentioned below are verifiable: | Repository | Verifiable | |-------------------|:----------:| | open-xchange-repo | no | # Kubernetes security enforcements This list gives you an overview of default security settings and whether they comply with security standards: ⟶ Visit our generated detailed [Security Context](./docs/security-context.md) overview. # Network policies Kubernetes network policies are an essential measure to secure your Kubernetes apps and clusters. When applied, they restrict traffic to your services. `NetworkPolicy` resources protect other deployments in your cluster or other services in your deployment from getting compromised when another component is compromised. We ship a default set of Otterize `ClientIntents` via [Otterize intents operator](https://github.com/otterize/intents-operator) which translates intent-based access control (IBAC) into Kubernetes native network policies. This requires the Otterize intents operator to be installed. ```yaml security: otterizeIntents: enabled: true ```