Version: v1.1

Security concepts

AosCloud provides security controls for managing connected Units in environments where different systems have different levels of trust, exposure, and operational responsibility.

Authentication and authorization

Access to any data is strictly controlled and allowed only to those who have been authenticated and granted access. AosCloud entities (users, Units, services, etc.) can be accessed only by their owners or when access is explicitly granted.

Secrets management

All internal secrets are encrypted and stored in a secure vault. Secrets are never exposed to users or services outside of AosCloud. Secrets are only accessible by authorized personnel and are regularly audited for compliance with security policies. Secrets are rotated on a regular basis.

Dependency & Supply Chain Security

- Keep dependencies up to date (patch CVEs)
- Scan for known vulnerabilities with well-known tools
- Use pinned versions in production
- Verify image integrity

Secure Development Practices

- Code reviews with security focus
- Static analysis (SAST) — catch issues before deployment
- Penetration testing — simulate real attacks
- Shift left — catch security issues early in development, not in production

Logging & Monitoring (Observability)

- Log who did what and when (audit trail)
- Never log sensitive data (passwords, tokens, PII)
- Centralized logging