ZeKoder prioritizes security in all generated solutions by providing robust, layered security controls across each level of the architecture. These security measures are seamlessly integrated into ZeKoder’s design interface, ZeStudio, enabling non-technical users to manage security settings visually and intuitively. This document describes the various security features implemented in ZeKoder solutions, from data-level policies to encryption practices and runtime credential management.
1. Granular Data Security
ZeKoder enforces fine-grained security controls at the data layer, allowing users to define access permissions at the table, row, and, soon, column level. This granular security ensures that sensitive data is accessible only to authorized users.
Table-Level Security
Each data table in a ZeKoder-generated solution can be configured with its own security policies. By using PostgreSQL’s built-in row-level security (RLS) and access control lists, ZeKoder enables tailored access restrictions to different tables, ensuring that users and applications can only interact with data they’re authorized to access.
Row-Level Security
For enhanced control, ZeKoder applies row-level security policies to allow or restrict access based on specific user roles or data attributes. This feature enables multi-tenant solutions to ensure strict data isolation between tenants, allowing only relevant data to be viewed or modified by specific users or roles.
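The table-level and row-level controls described above, shown as an added PostgreSQL example (this is not ZeKoder-generated code; the table, role and setting names are assumed, and the tenant ID is a constructed sample value):

```sql
-- Added example, not ZeKoder's own output. Assumed names: invoices, app_service, app.tenant_id.
CREATE TABLE invoices (
    id         bigserial PRIMARY KEY,
    tenant_id  uuid NOT NULL,
    amount     numeric(12,2) NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Table-level: strip default access, then grant the service role only what it needs.
REVOKE ALL ON invoices FROM PUBLIC;
CREATE ROLE app_service NOLOGIN;
GRANT SELECT, INSERT, UPDATE ON invoices TO app_service;
GRANT USAGE, SELECT ON SEQUENCE invoices_id_seq TO app_service;

-- Row-level: enable RLS and FORCE it so the table owner is subject to it as well.
-- Superusers and roles with BYPASSRLS still bypass policies, so the service must
-- never connect as one of those.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- Policy: a row is readable and writable only when its tenant_id equals the tenant
-- bound to the current session. current_setting(..., true) yields NULL when the
-- setting was never set, so an unbound session sees and writes nothing.
CREATE POLICY tenant_isolation ON invoices
    FOR ALL
    TO app_service
    USING      (tenant_id = current_setting('app.tenant_id', true)::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id', true)::uuid);

-- Per request, the service binds the authenticated tenant for this transaction only.
-- SET LOCAL is transaction-scoped, so a pooled connection does not carry it over.
-- (The login role must have been granted membership in app_service.)
BEGIN;
SET LOCAL ROLE app_service;
SET LOCAL app.tenant_id = 'a1b2c3d4-0000-4000-8000-000000000001';  -- constructed sample
SELECT id, amount FROM invoices;                                    -- only this tenant's rows
INSERT INTO invoices (tenant_id, amount)
VALUES (current_setting('app.tenant_id', true)::uuid, 10.00);       -- passes WITH CHECK
-- An INSERT or UPDATE naming any other tenant_id is rejected by the WITH CHECK clause.
COMMIT;
```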
Column-Level Security (Upcoming)
To ensure even more precise data protection, ZeKoder plans to introduce column-level security, allowing specific columns within a table to be restricted. This additional control will make it possible to limit visibility or modification permissions to only those users who require access, providing an additional layer of data privacy.
2. Data Encryption
Data encryption in ZeKoder solutions is designed to protect sensitive information from unauthorized access, both at rest and in transit. ZeKoder offers configurable encryption options for critical data columns, utilizing both symmetric and asymmetric encryption, depending on the sensitivity and intended use of the data.
Encryption at Rest
Users can flag specific columns as “critical” in ZeStudio, triggering ZeKoder to apply encryption for these columns in the database. This encryption ensures that sensitive data remains secure even if the database is compromised. ZeKoder uses cloud-native key management systems (KMS), such as AWS KMS or Google Cloud KMS, to provision and manage encryption keys, offering both symmetric and asymmetric key options to maximize data protection.
Encryption in Transit
All data communications between microservices and databases in ZeKoder solutions are encrypted with TLS (HTTPS for HTTP traffic), safeguarding data integrity and confidentiality during transmission. This encryption applies to both REST and GraphQL endpoints, ensuring a secure data flow between clients, servers, and other connected services.
3. Secure Credential Management
ZeKoder automates credential generation and management to ensure that all services and modules within a solution operate with unique, secure credentials. These credentials are handled dynamically, minimizing the risk of credential exposure.
Dynamic Credential Generation
Whenever a solution is deployed, ZeKoder automatically generates unique credentials for each microservice or module, whether it was generated by ZeKoder or integrated as part of custom software. This approach ensures that each component within a solution is securely authenticated, limiting potential security vulnerabilities associated with static or shared credentials.
Environment Variable Injection
Credentials required to access critical resources, such as databases or external services, are injected into microservices as environment variables at runtime. This practice reduces the risk of hard-coded credentials and enhances security by ensuring credentials are only available in the service’s runtime environment, not in the codebase or configuration files.
Cloud Key Management Integration
ZeKoder integrates with cloud providers’ key management systems (KMS), such as AWS KMS, Azure Key Vault, and Google Cloud KMS, to manage encryption keys and secrets securely. By leveraging KMS, ZeKoder ensures that sensitive information, like database passwords and API keys, is managed in a centralized and secure manner, compliant with industry standards.