Security

Provider API keys live in GCP Secret Manager, never in responses or logs. The audit chain is designed to be verifiable by anyone, not just by us.

Provider keys never leave the gateway

OpenAI, Anthropic, Google, and NVIDIA keys are stored in GCP Secret Manager and injected at runtime. They never appear in responses, error messages, or logs. All upstream requests send keys in Bearer headers; no keys appear in URLs.

Ed25519-signed audit chain

Every call is appended to a hash chain and signed with a persistent Ed25519 private key stored in Secret Manager. The public key is available at GET /v1/provenance/pubkey. Anyone can verify any receipt offline; no trust in Attestic is required.
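
As an added illustration (not Attestic's code), the Go sketch below shows how a signed hash chain lets a third party detect an edited or dropped record using only the public key. The receipt layout, the use of SHA-256 for the link hash, the all-zero genesis value, and the names Receipt, Append, and VerifyChain are assumptions; the page does not specify the actual receipt format.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Receipt is a hypothetical layout; the real receipt format is not given on the page.
type Receipt struct {
	Payload             []byte // canonical bytes of the audited call
	PrevHash, Hash, Sig []byte // predecessor's hash, SHA-256(PrevHash||Payload), Ed25519 signature over Hash
}

func linkHash(prev, payload []byte) []byte {
	sum := sha256.Sum256(append(append([]byte{}, prev...), payload...))
	return sum[:]
}

func Append(chain []Receipt, priv ed25519.PrivateKey, payload []byte) []Receipt { // stands in for the signing side
	prev := make([]byte, sha256.Size) // assumed genesis value: 32 zero bytes
	if len(chain) > 0 {
		prev = chain[len(chain)-1].Hash
	}
	h := linkHash(prev, payload)
	return append(chain, Receipt{payload, prev, h, ed25519.Sign(priv, h)})
}

// VerifyChain returns the index of the first receipt that fails, or -1 if all verify.
func VerifyChain(pub ed25519.PublicKey, chain []Receipt) int {
	prev := make([]byte, sha256.Size)
	for i, r := range chain {
		linked := bytes.Equal(r.PrevHash, prev) && bytes.Equal(r.Hash, linkHash(prev, r.Payload))
		if !linked || !ed25519.Verify(pub, r.Hash, r.Sig) {
			return i
		}
		prev = r.Hash
	}
	return -1
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair, not Attestic's
	chain := Append(Append(nil, priv, []byte("call-1")), priv, []byte("call-2")) // constructed payloads
	fmt.Println("untouched chain:", VerifyChain(pub, chain))
	chain[1].Payload = []byte("call-2 (edited)")
	fmt.Println("after editing record 1:", VerifyChain(pub, chain))
}
```

In practice the verifier would load the public key published at GET /v1/provenance/pubkey instead of generating one.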

Credentials stored as bcrypt hashes

Passwords are bcrypt-hashed with a SHA-256 pre-hash. API keys (atk_…) are stored only as SHA-256 hashes. The plaintext key is shown once at mint; Attestic cannot recover it.

Tenant isolation

Audit records, receipts, and usage data are visible only to the owning tenant; any cross-tenant attempt returns 403. The admin API is gated by an explicit allowlist (ATHERION_ADMIN_TENANTS). Rate limits and budgets are enforced per tenant.

Found a vulnerability? Email leighton@velariq.ai with details.