Security by Design
Security isn't an afterthought at ArmoredGate—it's fundamental to everything we build. Our Voltainer runtime was designed from the ground up with security as a primary concern, using systemd-nspawn's battle-tested isolation primitives.
Infrastructure Security
Container Isolation
- Kernel namespace isolation (PID, network, mount, user)
- Seccomp syscall filtering
- Capability dropping by default
- Read-only root filesystem options
- Resource limits and cgroup controls
Network Security
- TLS 1.3 for all communications
- Network isolation between containers
- Encrypted inter-node traffic
- DDoS protection at edge
Data Protection
- Encryption at rest using AES-256
- Encryption in transit using TLS 1.3
- Regular automated backups
- Data residency options for enterprise
- Secure deletion procedures
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication support
- SSO/SAML integration for enterprise
- API key rotation and management
- Comprehensive audit logging
Compliance & Certifications
- SOC 2 Type II certified
- GDPR compliant
- HIPAA compliance available for enterprise
- Regular third-party security audits
- Penetration testing program
Vulnerability Management
We maintain a comprehensive vulnerability management program:
- Automated dependency scanning
- Container image vulnerability scanning
- Regular security patches and updates
- Responsible disclosure program
Report a Vulnerability
Found a security issue? We appreciate responsible disclosure.
Email: security@armoredgate.com
PGP key available on request.