Security

Application Security:

  • No message content storage - Message bodies are never stored; only operational metadata (e.g., message ID, timestamps, status) is retained.
  • Log redaction enforcement - All message content is automatically redacted in application logs.
  • AES-256 message encryption - Inter-service messages are encrypted end-to-end using AES-256 with a randomly generated IV per message. The messaging infrastructure is deployed in private subnets and is not exposed to the public internet.
  • Webhook signature verification - All inbound Slack and Microsoft Teams events are verified using HMAC signature checks with replay attack protection via timestamp validation before any processing occurs.
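
The webhook check described above, sketched for the Slack case as an added example (not convly's own code). It follows Slack's published v0 signing scheme, where the `X-Slack-Signature` header carries an HMAC-SHA256 over `v0:<timestamp>:<raw body>` and the timestamp comes from `X-Slack-Request-Timestamp`. The 300-second window, the function names and the sample values are assumptions; Microsoft Teams uses a different scheme that is not shown.

```python
import hashlib
import hmac
import time
from typing import Optional

MAX_SKEW_SECONDS = 300  # assumed freshness window (five minutes, per Slack's guidance)


def compute_signature(signing_secret: bytes, timestamp: str, raw_body: bytes) -> str:
    """Slack v0 scheme: HMAC-SHA256 over b"v0:<timestamp>:<raw body>"."""
    base = b"v0:" + timestamp.encode("ascii") + b":" + raw_body
    return "v0=" + hmac.new(signing_secret, base, hashlib.sha256).hexdigest()


def verify_slack_request(signing_secret: bytes, timestamp: Optional[str],
                         signature: Optional[str], raw_body: bytes,
                         now: Optional[float] = None) -> bool:
    """Return True only for a fresh, correctly signed request."""
    # Missing headers or a non-numeric timestamp fail closed, before any crypto.
    if not isinstance(timestamp, str) or not isinstance(signature, str):
        return False
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    # Replay protection: refuse timestamps outside the window, past or future.
    current = time.time() if now is None else now
    if abs(current - int(timestamp)) > MAX_SKEW_SECONDS:
        return False
    # Sign the raw bytes as received; re-serialised JSON would not match.
    expected = compute_signature(signing_secret, timestamp, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample values, not real credentials or traffic.
SECRET = b"constructed-signing-secret"
BODY = b'{"type":"event_callback","event":{"type":"message"}}'
SENT_AT = "1700000000"
SIGNATURE = compute_signature(SECRET, SENT_AT, BODY)

if __name__ == "__main__":
    print(verify_slack_request(SECRET, SENT_AT, SIGNATURE, BODY, now=1700000010))         # fresh
    print(verify_slack_request(SECRET, SENT_AT, SIGNATURE, BODY, now=1700000900))         # replayed
    print(verify_slack_request(SECRET, SENT_AT, SIGNATURE, BODY + b" ", now=1700000010))  # tampered
```

The handler has to pass the request body exactly as received, before any JSON parsing, and run this check before any other processing.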

Infrastructure Security (AWS / Terraform):

  • Encryption at rest - All data stores are encrypted using customer-managed keys with automatic rotation.
  • Secrets management - No credentials are stored in code or environment files. All secrets (DB credentials, API keys, Slack tokens, ...) live in AWS Secrets Manager, KMS-encrypted.
  • IAM least privilege - Every service uses scoped IAM roles via OIDC (no long-lived credentials).
  • Database hardening - The database enforces SSL/TLS on all connections, is deployed in private subnets only (no public internet access), and has deletion protection enabled.
  • Container security - ECR image scanning on every push. Container images are accessible only to authorized runtime environments.

Deployment, GitOps & Observability:

  • GitOps-enforced deployments with ArgoCD - All infrastructure and application changes go through Git. ArgoCD keeps production in sync with Git.
  • Hardened pod security - All containers run as non-root users.
  • Observability - All services emit traces and metrics with OpenTelemetry.