Security Model

How Runtime approaches identity, authorization, secrets, and secure exposure.

Runtime security is built from several cooperating controls rather than a single security product.

Security Domains

The Runtime security model is based on four main domains:

  • Identity: Keycloak provides authentication and identity federation.
  • Authorization: OpenFGA supports fine-grained permission models where needed.
  • Secrets and sensitive configuration: OpenBao centralizes secret and key management.
  • Transport security: cert-manager, ingress configuration, and TLS certificates protect exposed endpoints.

Practical Security Flow

In a typical Runtime flow:

  1. a user or client reaches a platform endpoint through ingress or the API gateway
  2. authentication is delegated to the platform identity layer
  3. authorization is enforced through gateway rules, application logic, or fine-grained policy services
  4. workloads consume secrets through controlled platform mechanisms rather than hard-coded credentials

SSO Enrollment Model

Platform components do not register with Keycloak manually. The Terraform deployment layer generates Argo CD hook jobs that automatically enroll each SSO-enabled component into Keycloak before the component starts:

  • A PreSync setup job creates or updates the component's OIDC client, groups, roles, and group-role mappings.
  • A PostDelete cleanup job removes those resources when the component is deleted.

This means SSO integration is declarative: it is defined in the deployment configuration and applied automatically during each Argo CD sync. Components do not need custom login code or manual Keycloak admin steps.

Each component can be individually opted in or out of SSO through its sso_enable Terraform flag (defaults to true). For details, see the Keycloak component page and the Configuration Model.
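The following pair of Argo CD hook Jobs is an added illustration of the PreSync/PostDelete enrollment pattern described above; it is not a manifest generated by the Runtime Terraform layer, and the Job names, container image, arguments and Secret name are placeholders.

```yaml
# Added example, not project code. Shape of the two hook Jobs that the deployment
# layer would emit for one SSO-enabled component (only when sso_enable is true).
apiVersion: batch/v1
kind: Job
metadata:
  name: example-component-sso-setup          # placeholder name
  annotations:
    # Runs before the component's own resources are synced, so the OIDC client,
    # groups, roles and group-role mappings exist when the component starts.
    argocd.argoproj.io/hook: PreSync
    # Delete the finished Job so every sync re-runs the (create-or-update) enrollment.
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: enroll
          image: registry.example/keycloak-enroll:latest   # hypothetical image
          args: ["setup", "--client-id", "example-component"]
          env:
            # Keycloak admin credentials come from a Secret, never from the manifest.
            - name: KEYCLOAK_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: keycloak-admin-credentials        # placeholder Secret
                  key: password
---
apiVersion: batch/v1
kind: Job
metadata:
  name: example-component-sso-cleanup        # placeholder name
  annotations:
    # Runs after the component's resources are deleted; removes the client,
    # groups and roles so no orphaned identities remain in Keycloak.
    argocd.argoproj.io/hook: PostDelete
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
spec:
  backoffLimit: 3
  template:
    spec:
      restartPolicy: Never
      containers:
        - name: cleanup
          image: registry.example/keycloak-enroll:latest   # hypothetical image
          args: ["cleanup", "--client-id", "example-component"]
          envFrom:
            - secretRef:
                name: keycloak-admin-credentials          # placeholder Secret
```

A failed PreSync hook aborts the sync, so a component never starts without its Keycloak client in place; the cleanup hook makes deletion symmetric.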

What This Enables

This model gives BullSequana AI a consistent approach to:

  • single sign-on for platform services
  • automatic SSO enrollment and cleanup for every component
  • secure service exposure
  • centralized credential handling
  • auditable access patterns
  • reusable platform controls across products

Security Is Platform-Wide

Runtime security is not isolated to Runtime pages. It is the base security model inherited by other platform layers. That is why components such as APISIX, Keycloak, OpenFGA, OpenBao, and cert-manager appear repeatedly across the rest of the stack.