Security
AuthOS is security-sensitive infrastructure. The codebase includes several security-focused design choices, but safe operation still depends on how you deploy and manage it.
Code and protocol choices
- Rust for the backend implementation
- Argon2 password hashing
- JWT signing support
- MFA, passkeys, and magic-link flows
- audit and security-event surfaces
Deployment expectations
You are responsible for:
- TLS and reverse-proxy configuration
- protecting database access
- managing secrets such as JWT keys and ENCRYPTION_KEY
- keeping your deployment updated
Reporting a vulnerability
Do not open a public issue for a security problem. Use the contact address on this site so details can be handled privately first.