Skip to main content
evemeta

Security

CITADEL: zero-trust ephemeral runtime envelope.

CITADEL is the security architecture wrapping Evemeta application platforms that operate in regulated, classified, or otherwise security-sensitive environments. It is a runtime envelope, not a product sold standalone.

Architecture

Runtime envelope, not standalone product.

CITADEL provides a zero-trust execution envelope for application platforms. It is invoked when a deployment requires zero-trust authentication, ephemeral runtime, no persistent secrets at rest, and a tightly bounded privilege surface. Platforms running inside CITADEL retain their normal application interfaces; the envelope changes the runtime, identity, and secret-handling posture beneath them, not the developer-facing surface.

Security properties

What CITADEL provides at runtime.

Zero-trust authentication

No implicit trust based on network position. Every call is authenticated against a verifiable identity, every time.

Ephemeral runtime

Application instances are short-lived by design. State that needs to persist is externalized to controlled stores; the runtime itself is disposable.

No persistent secrets at rest

Secrets material is not written to durable storage on application hosts. Privilege material has a defined and auditable lifetime.

Bounded privilege surface

Capabilities granted to running components are explicit, narrow, and time-bounded. The default posture is denial.

Honest scope

What CITADEL does not claim.

  • CITADEL does not assert any particular accreditation; assertions are made under specific program review.
  • CITADEL does not replace a customer's own program-level security controls; it composes with them.
  • CITADEL is not offered as a standalone security product; it is the runtime envelope for Evemeta platforms.

Under NDA

What is not on this page.

Threat model, formal security properties, deployment topology, and audit posture are available under NDA to qualified parties under appropriate program review.

Reviewing variants

Compare against the tight one-pager variant.

View tight variant