Skip to content
Demiton

Security Model

Security is a foundational principle of the Demiton platform. The system is designed to ensure enterprise workflows execute safely across connected systems through identity enforcement, adapter isolation, and controlled execution boundaries.

Identity enforcement

Every action within the platform is associated with an identity — user sessions, scheduled system tasks, and automated workflow triggers all carry identity context. All workflow runs record the initiating identity for audit purposes.

Authentication uses Microsoft Entra ID (OIDC + JWT). Role-based access control governs which users can create connectors, trigger workflows, and approve governance checks.

Adapter security

Adapters interact with external systems under strict rules:

  • Credentials are stored in the platform’s secure credential store, never in workflow definitions or application config
  • All adapter communication uses TLS
  • Credentials never appear in logs or Sovereign Envelope responses
  • Adapters use the principle of least privilege — request only the permissions required for the operations they perform

Ghost Protocol

Sensitive data (credentials, PII, secrets) lives in RAM only during execution. It is never written to disk, never persisted to the workflow state database, and is cleared from the pipeline context immediately after use.

Data handling

  • Workflow pipeline context is scoped to a single run and cleared after completion
  • Step outputs contain only the data required by subsequent steps
  • The AI layer applies identity-based access filters to all vector retrieval — users only receive documents they are authorized to access

Infrastructure security

  • Database connections are encrypted (TLS)
  • Internal services communicate over private networks
  • Secrets are managed via Azure Key Vault
  • Production credentials are never present in sandbox or staging environments
  • Container images are scanned for vulnerabilities in CI

Operational practices

  • Rotate adapter credentials on a regular schedule
  • Review connector permissions periodically — revoke what isn’t used
  • Monitor for unexpected API calls from the service principal in external system audit logs
  • Use sandbox environments for all integration testing before promoting to production