Security Operations Baseline
Short operator security baseline. Extended context and additional details are in migration history and related AngaraBook pages.
Goal
Bring security-relevant knobs into a single operational contract:
- safe defaults;
- fail-closed gates;
- observability points (`sys.settings`).
Source of truth
- Config schema: `src/operations/config-schema.md`
- Runtime settings surfaces: `crates/angarabase/src/settings.rs`, `crates/angarabase/src/virtual_catalog.rs`
- Security governance: `src/operations/operational-policies.md`
Defaults
- `server.addr = 127.0.0.1:5152` is the safe default.
- Remote bind is forbidden by default without an explicit insecure override.
- TLS is opt-in by default; for remote bind, policy may require TLS fail-closed.
Required fail-closed gates
- Remote bind without `allow_insecure` must fail startup.
- Password auth without TLS must fail startup.
- Runtime settings changes (`sys.set_setting`) require the `session_settings` role (RM-0.6.4.16).
Knobs registry (operator highlights)
- `[security] allow_insecure`, `[security] dev_mode`
- `[tls] enabled`, `[tls] cert_path`, `[tls] key_path`, `[tls] require_on_remote_bind`
- `ANGARABASE_AUTH_MODE`, `ANGARABASE_TLS_ENABLE`
- `ANGARABASE_TDE_ENABLE`, `ANGARABASE_TDE_MASTER_KEY_ID`
- `ANGARABASE_AUDIT_LOG_PATH`, `ANGARABASE_AUDIT_DML_MODE`

Secrets (for example, `ANGARABASE_AUTH_PASSWORD`, master key) must not appear in `sys.settings`.
Security modes matrix
- Local + strict/group_commit: allowed.
- Local + relaxed durability: allowed with warning.
- Remote bind: only with explicit override and warning.
- Remote bind + relaxed: only with override and stronger warning.
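The fail-closed gates and the security modes matrix above describe one startup decision: refuse, or start with a specific set of warnings. As an added example (not the project's own `settings.rs` logic), here is that decision written as a single Rust function over the knobs named in this baseline. Gates that must fail startup return `Err`; everything else returns the warnings the operator should see. The `AuthMode` and `Durability` variants, the default values for knobs this page does not give a default for (`[tls] require_on_remote_bind` off, no password auth), the rule that `0.0.0.0` counts as a remote bind, and the warning wording are all assumptions for the example.

```rust
use std::net::{IpAddr, Ipv4Addr, SocketAddr};

/// Assumed ANGARABASE_AUTH_MODE values; the real set lives in settings.rs.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AuthMode {
    /// No password authentication configured.
    Off,
    /// Password authentication: only acceptable with TLS on.
    Password,
}

/// Durability profile named by the security modes matrix.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Durability {
    Strict,
    GroupCommit,
    Relaxed,
}

/// Subset of the operator knobs that the startup gates look at.
#[derive(Debug, Clone)]
pub struct Config {
    pub server_addr: SocketAddr,          // [server] addr
    pub allow_insecure: bool,             // [security] allow_insecure
    pub tls_enabled: bool,                // [tls] enabled
    pub tls_require_on_remote_bind: bool, // [tls] require_on_remote_bind
    pub auth_mode: AuthMode,              // ANGARABASE_AUTH_MODE
    pub durability: Durability,
}

impl Default for Config {
    /// Safe defaults from the baseline: loopback bind on 5152, no insecure
    /// override, TLS off. Remaining defaults are assumptions for the example.
    fn default() -> Self {
        Config {
            server_addr: SocketAddr::new(IpAddr::V4(Ipv4Addr::LOCALHOST), 5152),
            allow_insecure: false,
            tls_enabled: false,
            tls_require_on_remote_bind: false,
            auth_mode: AuthMode::Off,
            durability: Durability::Strict,
        }
    }
}

/// A bind is remote unless it is on a loopback address; 0.0.0.0 and
/// any non-loopback interface address count as remote.
pub fn is_remote_bind(addr: &SocketAddr) -> bool {
    !addr.ip().is_loopback()
}

/// Fail-closed startup check. `Err` aborts startup; `Ok` carries the
/// warnings to print in the startup log, in the order they were raised.
pub fn check_startup(cfg: &Config) -> Result<Vec<String>, String> {
    let mut warnings = Vec::new();
    let remote = is_remote_bind(&cfg.server_addr);

    // Gate 1: remote bind is forbidden without the explicit insecure override.
    if remote && !cfg.allow_insecure {
        return Err(format!(
            "refusing to bind {}: remote bind requires [security] allow_insecure = true",
            cfg.server_addr
        ));
    }
    // Gate 2: policy may require TLS on remote bind, fail-closed.
    if remote && cfg.tls_require_on_remote_bind && !cfg.tls_enabled {
        return Err("remote bind with [tls] require_on_remote_bind = true but [tls] enabled = false".into());
    }
    // Gate 3: password auth over plaintext is never allowed, local or remote.
    if cfg.auth_mode == AuthMode::Password && !cfg.tls_enabled {
        return Err("password auth requires TLS, but [tls] enabled = false".into());
    }

    // Modes matrix: past the gates everything is allowed, with warnings.
    if remote {
        warnings.push(format!(
            "WARNING: remote bind {} enabled via allow_insecure override",
            cfg.server_addr
        ));
    }
    match (remote, cfg.durability) {
        (false, Durability::Relaxed) => warnings.push("WARNING: relaxed durability on local bind".into()),
        (true, Durability::Relaxed) => warnings.push("CRITICAL: relaxed durability combined with remote bind".into()),
        _ => {}
    }
    Ok(warnings)
}

fn main() {
    match check_startup(&Config::default()) {
        Ok(w) if w.is_empty() => println!("startup ok, no warnings"),
        Ok(w) => w.iter().for_each(|line| println!("{line}")),
        Err(e) => eprintln!("startup refused: {e}"),
    }
}
```

The ordering matters: the gates run before any warning is collected, so a configuration that is both remote-without-override and relaxed is refused outright rather than started with a stronger warning; the matrix only ever applies to configurations the gates already accepted.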
Threat model and evidence
For threat inventory and evidence pointers, use `src/operations/operational-policies.md`.
Next
- Operational policies baseline — the policies underlying security operations.
- Backup and restore (operator-level) — data protection as part of the SecOps perimeter.
- Disaster recovery playbook — security incidents as a DR case.