Security is the canonical default.
Vadyl is built fail-closed by construction. Field-level AEAD encryption, governed connections, deny-by-default cross-project access, immutable audit trails.
What we ship by default
Field-level AEAD
App-level encryption with versioned envelopes, AAD-bound to tenant/entity/field. Keys rotated through IKeyRing.
Pluggable KMS
AWS KMS, Azure Key Vault, GCP KMS, HashiCorp Vault — all canonical surface kinds. Bring your own root of trust.
Fail-closed access
Capability mismatches, missing grants, malformed expiries — all fail closed. There is no permissive degradation path.
Field-names-only realtime
Realtime change events deliver field names — never values. Encrypted-field leak prevented by design.
Tamper-evident audit
Audit trails materialized through a source-transactional relay. Outbox-backed. Replayable.
Tenant isolation
Physical storage namespaces driven by immutable canonical project IDs. Cross-project requires explicit federation.
Egress control
Authored runtime can't make arbitrary outbound calls. Every external integration is a governed connection.
OAuth 2.1 / RFC 9728
Standards-compliant identity. PKCE, refresh-token families with reuse detection, MFA challenges.
Wasm sandboxing
Authored capability surfaces run in Wasmtime with epoch deadlines, signed via IKeyRing, host-import-restricted.
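What binding a ciphertext to tenant/entity/field through AAD buys, as described under Field-level AEAD above, shown in an added Go example that is not Vadyl's code. The envelope layout, the choice of AES-256-GCM, the AAD encoding and the names `slotAAD`, `newGCM`, `Seal` and `Open` are assumptions made for illustration; key rotation and KMS integration are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const envelopeV1 = 1 // assumed layout (not Vadyl's): version(1) | nonce(12) | ciphertext+tag

// slotAAD names the slot a ciphertext belongs to; length prefixes keep it unambiguous.
func slotAAD(tenant, entity, field string) []byte {
	return []byte(fmt.Sprintf("v%d|%d:%s|%d:%s|%d:%s", envelopeV1,
		len(tenant), tenant, len(entity), entity, len(field), field))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one field value under a fresh random nonce with the slot as AAD.
func Seal(gcm cipher.AEAD, tenant, entity, field string, pt []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(append([]byte{envelopeV1}, nonce...), nonce, pt, slotAAD(tenant, entity, field)), nil
}

// Open fails closed on an unknown version, a short envelope, or a slot mismatch.
func Open(gcm cipher.AEAD, tenant, entity, field string, env []byte) ([]byte, error) {
	n := 1 + gcm.NonceSize()
	if len(env) < n+gcm.Overhead() || env[0] != envelopeV1 {
		return nil, fmt.Errorf("malformed or unsupported envelope")
	}
	return gcm.Open(nil, env[1:n], env[n:], slotAAD(tenant, entity, field))
}

func main() {
	gcm, _ := newGCM(make([]byte, 32)) // constructed all-zero demo key, never a real key
	env, _ := Seal(gcm, "t1", "user/42", "ssn", []byte("123-45-6789"))
	_, err := Open(gcm, "t1", "user/42", "email", env) // same bytes, different field
	fmt.Println("relocated ciphertext rejected:", err != nil)
}
```

Because the slot is authenticated but not stored in the envelope, a ciphertext copied into another tenant's row or another column fails the tag check instead of decrypting to someone else's value.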
What we have, what's coming
Responsible disclosure
Found a security issue? We take vulnerability reports seriously and run a coordinated disclosure program. Email security@vadyl.dev with details. We respond within 24 hours.
Read security.txt
Need to talk to security?
Compliance officers, CISOs, and procurement teams welcome. We'll get you the documentation, architecture details, and audit reports you need.