Settings / Security

Shared identity, accounts, policies, and receipts

Settings / Security

Security and resilience controls

Local portal security follows OpeniBank v4 invariants: fail-closed checks, explicit permits, signed receipts, and recoverable encrypted backups.

ControlStateDetail
Key StorageEnabledKeys encrypted at rest with local passphrase
Receipt Signature ValidationEnabledMandatory Ed25519 verification before trust
Permit EnforcementEnabledAll spend flows require explicit permit context
Anomaly Kill SwitchArmedStops agent execution on critical anomalies
Offsite BackupOptionalEncrypted bundle export for disaster recovery

Operator checklist

  • Rotate admin credentials every 90 days
  • Test encrypted backup restore monthly
  • Audit worldline integrity after each version upgrade
  • Restrict node dashboard access to trusted network ranges