Security
CITADEL: zero-trust ephemeral runtime envelope.
CITADEL is the security architecture wrapping Evemeta application platforms that operate in regulated, classified, or otherwise security-sensitive environments. It is a runtime envelope, not a product sold standalone.
Architecture
Runtime envelope, not standalone product.
CITADEL provides a zero-trust execution envelope for application platforms. It is invoked when a deployment requires zero-trust authentication, ephemeral runtime, no persistent secrets at rest, and a tightly bounded privilege surface. Platforms running inside CITADEL retain their normal application interfaces; the envelope changes the runtime, identity, and secret-handling posture beneath them, not the developer-facing surface.
Security properties
What CITADEL provides at runtime.
Zero-trust authentication
No implicit trust based on network position. Every call is authenticated against a verifiable identity, every time.
Ephemeral runtime
Application instances are short-lived by design. State that needs to persist is externalized to controlled stores; the runtime itself is disposable.
No persistent secrets at rest
Secrets material is not written to durable storage on application hosts. Privilege material has a defined and auditable lifetime.
Bounded privilege surface
Capabilities granted to running components are explicit, narrow, and time-bounded. The default posture is denial.
Honest scope
What CITADEL does not claim.
- CITADEL does not assert any particular accreditation; assertions are made under specific program review.
- CITADEL does not replace a customer's own program-level security controls; it composes with them.
- CITADEL is not offered as a standalone security product; it is the runtime envelope for Evemeta platforms.
Under NDA
What is not on this page.
Threat model, formal security properties, deployment topology, and audit posture are available under NDA to qualified parties under appropriate program review.