Security Model
This chapter documents FLUX's current security posture and the target model.
Current State
FLUX currently runs without built-in:
- TLS transport encryption
- client authentication
- authorization / ACL checks
The current deployment is therefore suitable for trusted internal/dev environments.
Recommended Current Mitigations
Until Phase 5 features land:
- run the broker in private network segments
- restrict inbound access to trusted clients
- place FLUX behind an mTLS-enabled proxy if needed
- isolate data directory permissions
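One way to check the data directory mitigation before starting the broker, as an added example that is not part of the FLUX project. The function names are hypothetical, and the data directory path and broker service account are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: pre-start audit of a FLUX data directory.
# Assumptions (not from the FLUX docs): the operator passes in the data
# directory path and the account the broker runs as.

# Report every path under DIR that is not owned by OWNER or that grants any
# permission bit to group or other. Symlinks are skipped because their mode
# bits are not meaningful; -H follows DIR itself if it is a symlink.
# Exit status: 0 = clean, 1 = findings, 2 = usage or I/O error.
flux_audit_data_dir() {
    dir=$1
    owner=$2
    if [ -z "$dir" ] || [ -z "$owner" ]; then
        echo "usage: flux_audit_data_dir DIR OWNER" >&2
        return 2
    fi
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    findings=$(find -H "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null) || return 2

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/exposed: /' >&2
        return 1
    fi
    return 0
}

# Remove all group/other access below DIR. Ownership is left untouched;
# fix it separately with chown if the audit reports a wrong owner.
flux_lock_data_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    chmod -R go-rwx -- "$1"
}
```

Run the audit as part of the service start-up wrapper and refuse to start the broker on a non-zero status.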
Planned Security Roadmap
Target features:
- TLS for client-broker and broker-broker links
- authentication (SASL family)
- ACL model for topic/group/admin actions
- quotas and rate limits per principal
Threat Modeling Focus
Key risks to design for:
- unauthorized produce/consume
- data exfiltration in transit
- noisy neighbor abuse without quotas
- control-plane mutation by untrusted principals
Documentation Policy
When security features are implemented, this chapter should include:
- default-secure baseline config
- certificate rotation procedures
- authn/authz troubleshooting playbooks