corrosion-admin-panel/docs/SECURITY.md

# Security by Design

Corrosion was built with multi-tenant isolation from day one.

---

## Outbound-Only Connections

Your server initiates all connections.
No inbound ports required.

## License-Scoped Isolation

Every server is isolated by `license_id`.
No cross-tenant data exposure.

## Encrypted Secrets

API keys, webhooks, and credentials are encrypted at rest.

## Short-Lived Auth Tokens

JWT sessions expire quickly and require refresh.

## Role-Based Access Control

Granular permission enforcement on every API endpoint.

---

## Built on Modern Infrastructure

* Rust backend (Axum)
* NATS JetStream messaging
* PostgreSQL
* Cloudflare DNS + SSL

Corrosion is engineered like infrastructure — not hobbyware.