Agent security

Keeping the agent secure and advanced security options.

Core characteristics

It is our goal to make the agent as secure as possible by default. There is no implicit trust, and every transaction is individually verified. The agent has these core security characteristics:

  • Transport encryption: All communication is TLS encrypted with explicit hostname verification.

  • Limited attack surface: The agent always initiates communication, directly to the server; it does not listen on the network and does not expose any ports or APIs.

  • Two-way authentication: The agent continuously authenticates itself to the ConfigX server, and the ConfigX server must continuously authenticate itself to the agent.

The ConfigX agent is fully open-source. You can review the source code on GitHub.

Security considerations

The agent itself has a very limited attack surface, which means the primary security concerns lie with Account security (and, beyond that, with ConfigX's platform security).

To further enhance security and fully eliminate trust in the platform itself, you may choose to enable PGP signing.

Advanced PGP signing

With PGP signing enabled, each deployment must be signed with a PGP key that is trusted by the agent. This means that even in the event of a full account or platform compromise, an attacker cannot create valid deployments, and the agent will not execute deployments that lack a trusted signature.
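The trust decision described above, as an added sketch that is not the ConfigX agent's own code: Ed25519 from the Go standard library stands in for PGP, and the `Deployment` and `Agent` types, the payload strings and the out-of-band key provisioning are assumptions made for illustration. It shows why a party that controls the platform but not the operator's private key cannot produce a deployment the agent accepts.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Deployment is a hypothetical payload plus detached signature, as relayed by the platform.
type Deployment struct {
	Payload   []byte
	Signature []byte
}

// Agent pins the operator's public keys; they are provisioned out of band (assumption).
type Agent struct{ Trusted []ed25519.PublicKey }

// Verify accepts a deployment only if a pinned key signed exactly this payload.
func (a *Agent) Verify(d Deployment) error {
	for _, k := range a.Trusted {
		if ed25519.Verify(k, d.Payload, d.Signature) {
			return nil
		}
	}
	return errors.New("deployment not signed by a trusted key")
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Demo returns the agent's decision for three constructed deployments.
func Demo() (operatorOK, foreignKeyOK, tamperedOK bool) {
	opPub, opPriv := mustKey()
	_, otherPriv := mustKey() // key the agent never pinned, e.g. one minted on a compromised platform
	agent := &Agent{Trusted: []ed25519.PublicKey{opPub}}
	good := Deployment{Payload: []byte("set motd=hello")}
	good.Signature = ed25519.Sign(opPriv, good.Payload)
	foreign := Deployment{Payload: []byte("set motd=changed")}
	foreign.Signature = ed25519.Sign(otherPriv, foreign.Payload)
	tampered := Deployment{Payload: []byte("set motd=edited"), Signature: good.Signature} // payload altered after signing
	return agent.Verify(good) == nil, agent.Verify(foreign) == nil, agent.Verify(tampered) == nil
}

func main() { fmt.Println(Demo()) }
```

Only the operator-signed deployment is accepted. The guarantee holds only while the signing key stays off the platform and the agent's trusted key list cannot be changed through the platform.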
