Principle of least privilege
Every service should have exactly the permissions it needs and no more. Use separate API keys per service, scoped to the minimum required operations.
Secrets management
Never store secrets as plain-text environment variables in configuration files or source control. Use NexaTech Vault Secrets:
nexatech secrets set DATABASE_URL "postgresql://..." --env production
nexatech secrets inject -- node server.js
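A pre-commit or CI check for the rule above, as an added example (not NexaTech code): it scans dotenv- or YAML-style settings for credentials embedded in connection URLs and for literal values under sensitive-looking key names. The key-name list, the placeholder patterns and the sample input are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Key names that usually hold credentials (constructed heuristic list).
SENSITIVE_KEY = re.compile(r"(SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY)", re.I)
# Values that are references or placeholders rather than literal secrets.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|<.*>|changeme|\*+|)$", re.I)
ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*(.*?)\s*$")

def url_has_password(value):
    """True when value is a URL of the form scheme://user:password@host/..."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return bool(parts.scheme and parts.hostname and parts.password)

def scan_config(text):
    """Return (line_number, key, reason) for each plaintext secret found."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if PLACEHOLDER.match(value):
            continue  # empty, ${VAR} reference or obvious placeholder
        if url_has_password(value):
            findings.append((number, key, "credentials embedded in URL"))
        elif SENSITIVE_KEY.search(key):
            findings.append((number, key, "literal value for sensitive key"))
    return findings

# Constructed sample input; all values are fake.
SAMPLE = """\
# production settings
DATABASE_URL=postgresql://app:s3cr3t-example@db.internal:5432/app
REDIS_URL=redis://cache.internal:6379/0
API_KEY="example-key-not-real"
SESSION_SECRET=${SESSION_SECRET}
export LOG_LEVEL=info
"""

if __name__ == "__main__":
    for number, key, reason in scan_config(SAMPLE):
        print(f"line {number}: {key}: {reason}")
```

A non-empty result should fail the commit or build; the flagged value then belongs in the secrets store, not in the file.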
Network security
Enable private networking between services. Expose only the endpoints that need to be public. Use the firewall to restrict inbound traffic by IP range.
Dependency scanning
Enable automatic dependency scanning in your CI pipeline. We integrate with Snyk, GitHub Dependabot, and our own vulnerability database.
Audit logs
All administrative actions are logged to the immutable audit trail. Export to your SIEM with our Splunk or Datadog integrations.