////
Purpose
-------
Information about security.
////

[id="security_{context}"]
= Security

Red Hat Advanced Cluster Security (ACS) is deployed as the container security platform, providing vulnerability scanning, compliance checking, and runtime security for containerized workloads.

== Identity and Access Management

Access control is implemented through Helvetia's enterprise account system. The access management model follows the Principle of Least Privilege (PoLP), with a maximum of two administrators per project. A dedicated RBAC tool manages role-based access permissions across the platform.

== Secrets Management

Sealed Secrets is used to encrypt and manage sensitive information within the Kubernetes environment. Secrets are committed to version control only in encrypted form, while access controls and audit capabilities are preserved.

== PKI

Certificate management is handled through cert-manager, with plans to implement an ACME provider. Currently, TLS certificates are issued through the internal Helvetia.io certificate authority; a migration project to Helvetia.com certificates is underway. Certificate lifecycle operations, including issuance, renewal, and revocation, are managed through automated processes.

== Base Images

The container image architecture uses Red Hat Universal Base Images (UBI) with additional components:

- Custom certificates
- Tracing agents
- Specialized variants including Java, Quarkus, and JBoss tooling

Base images are automatically rebuilt and pushed to Nexus on a monthly schedule to incorporate security updates and organizational requirements.

== Compliance

Helvetia maintains a customized set of CIS benchmarks adapted to organizational requirements. Compliance monitoring and reporting are performed through Red Hat Advanced Cluster Security, which replaced the previously used OpenShift Compliance Operator.
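As an added illustration of the Secrets Management section above (example manifest, not taken from this page or from the platform's own repositories), this is the shape of a SealedSecret as it would be committed to version control; the name, namespace, key name and label are assumed, and the ciphertext is a placeholder.

```yaml
# Added example (not from the original page): a SealedSecret as committed to git.
# Name, namespace, key name and label are assumed for illustration; the
# ciphertext is a placeholder, not a real sealed value.
#
# Typical workflow (run against the cluster; the plaintext file is never committed):
#   kubectl create secret generic db-credentials --namespace payments \
#     --from-literal=password='<plaintext>' --dry-run=client -o yaml > secret.yaml
#   kubeseal --format yaml < secret.yaml > sealed-secret.yaml
#   rm secret.yaml      # only sealed-secret.yaml goes into version control
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
  namespace: payments
  # Default ("strict") scope: the ciphertext is bound to this name and
  # namespace, so a copy pasted into another namespace will not unseal.
  # Relaxing the scope widens who can reuse the blob and should be deliberate:
  # annotations:
  #   sealedsecrets.bitnami.com/namespace-wide: "true"
spec:
  encryptedData:
    # Base64 ciphertext produced by kubeseal with the controller's public key;
    # only the controller's private key, held in-cluster, can decrypt it.
    password: AgBy8hCi...PLACEHOLDER...
  template:
    # Metadata and type of the plain Secret the controller creates after unsealing
    metadata:
      labels:
        app: payments-api
    type: Opaque
```

Because only the in-cluster controller holds the private key, read access to the repository does not expose the plaintext, and RBAC on the resulting Secret still governs who can read it at runtime.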
== Customer Visibility

Operational insights are aggregated through multiple integrated tools:

- Lifecycle management tooling
- Red Hat Advanced Cluster Security
- LeanIX
- MongoDB

Dashboards provide visibility into:

- Resource allocation efficiency
- Containers with low requests but high limits
- Security posture and compliance status

== Conclusion