Security Overview

  • Dashboard auth: Okta + NextAuth session protection
  • Convex data layer: server inventory, health history, alerts
  • Monitor API: network-exposed operational endpoint

The Rust API handlers in license-monitor do not currently enforce any built-in API auth headers. Treat license-monitor as an internal service and protect it at the network and proxy layers.

  • Keep monitor APIs on private interfaces where possible
  • Use firewall rules and allowlists between tiers
  • Use HTTPS at dashboard ingress
  • Rotate Okta and app secrets regularly
  • Centralize logs for incident review
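
One way to check the "private interfaces" item on a monitor host is to audit which addresses the service is bound to. The script below is an added example, not part of license-monitor; the port 8080 and the sample `ss -ltnH` output are constructed placeholders, so substitute the port your deployment uses.

```python
import ipaddress

# Internal ranges: RFC 1918 plus IPv6 unique-local (listed explicitly on purpose).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of `ss -ltnH` output; port 8080 is a placeholder.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 10.0.2.15:8080 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 203.0.113.7:8080 0.0.0.0:*
"""


def classify_bind(host):
    """Return 'internal', 'exposed' or 'unknown' for a listener bind address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and [] around IPv6
    if host == "*":  # ss prints * for a dual-stack wildcard
        return "exposed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"  # unparsable: review by hand, do not assume safe
    if ip.is_unspecified:  # 0.0.0.0 or :: listens on every interface
        return "exposed"
    if ip.is_loopback or ip.is_link_local or any(ip in n for n in INTERNAL_NETS):
        return "internal"
    return "exposed"


def audit_listeners(ss_output, port):
    """List (bind_address, verdict) for each TCP listener on the given port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port == str(port):
            findings.append((host, classify_bind(host)))
    return findings


if __name__ == "__main__":
    for host, verdict in audit_listeners(SAMPLE_SS, 8080):
        print(f"{verdict:8} {host}")
```

An "exposed" verdict means the listener accepts connections on a wildcard or publicly routable address, so the firewall rules and allowlists are the only control in front of the unauthenticated API on that host.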

Store secrets in your environment management platform. Do not commit .env values or keys.