Security
A tool that operates on your servers has to be secure by design.
Security is not a feature we bolt on — it is the foundational contract between OpsLantern and the operators who install it.
Architecture
How we protect your infrastructure.
Outbound-only agent
Agents open no inbound ports. A single outbound WebSocket tunnel means NAT and firewalls remain unchanged.
JIT credentials
Credentials are pulled from the vault at execution time, used once, and never cached to disk on the agent.
Signed command execution
Every dispatched action is cryptographically signed. Agents refuse unsigned or altered payloads.
MFA + SSO
SAML/OIDC with mandatory MFA for operators. SSH certificates rather than raw key files for the agent fleet.
Immutable audit
Every action, approval, log pull, and credential checkout is appended to an immutable, signed audit stream.
Tenant isolation
Row-level security at the database layer. A bug in application code cannot leak data across tenants.
On-prem option
For sovereignty-sensitive customers, OpsLantern can deploy entirely within your network. No data leaves your boundary.
Least privilege by default
RBAC at the resource and action level. Blast-radius limiter. Break-glass with dual approval. Global kill switch.
Responsible disclosure
Report a security issue.
We welcome reports from security researchers. If you believe you have found a vulnerability in OpsLantern, please contact us at security@opslantern.com.
We commit to:
- Acknowledge your report within 3 business days.
- Provide an initial assessment within 7 business days.
- Keep you informed until resolution, and credit you publicly if you wish.
Please do not exploit the issue beyond what is strictly necessary to demonstrate it, and do not share details publicly until we have had time to remediate.
See our security.txt for machine-readable contact metadata.