What is true in the code today.
We build update infrastructure, which means we are part of your supply chain. This page describes the mechanisms that protect it — stated plainly, and measured live inside the platform rather than asserted.
No unsigned path
Every artifact — container, model, config — is TUF-signed before it exists in the system; devices verify the full metadata chain against a root pinned on the device.
Supply-chain integrity
Mutual TLS everywhere
Devices hold per-device X.509 identities; private keys are generated on the device and never leave it.
Device identity
Offline roots of trust
TUF root and targets keys never touch the backend; online signing is scoped so a compromise is contained by design.
Key management
Hash-chained audit log
Every state change is appended to a tamper-evident chain — editing, deleting or reordering any record breaks it, verifiably.
Evidence
Encrypted secrets at rest
Registry credentials are AES-256-GCM encrypted in the control plane and never reach a device.
Data protection
argon2id passwords, scoped API keys
Passwords are argon2id-hashed; API keys are stored only as SHA-256 and cannot manage users or other keys.
Access control
No payload telemetry
We see metadata, never the contents of your artifacts or your data — auditable in the code.
Privacy
Air-gap deployable
The entire control plane runs on a single on-prem node with no cloud dependency in the core path.
Deployment
Certifications
ISO 27001 and SOC 2 are on our roadmap. Until then, this page lists what is true in the code today — and inside the console, the same properties are measured live, not asserted. Found something? Write to hello@meshanics.com (see security.txt).