Skip to main content

Encryption Requirements

Reviewed on: 2026-01-21 Status: Draft (requires deployment-specific validation)

This document defines encryption expectations for Primus deployments. Validation depends on your infrastructure and cloud provider configuration.

In Transit

Enforce TLS 1.2+ for all client and service-to-service traffic.
Validate certificates and disable weak ciphers.
Ensure webhook endpoints are HTTPS only.

At Rest

Enable disk and database encryption for all storage used by Primus-enabled services.
If using cloud storage (Azure Blob, S3), enable server-side encryption and restrict access keys.
Ensure backups are encrypted and access-controlled.

Evidence Needed for Production

TLS configuration report or load balancer policy settings.
Storage provider encryption settings and audit logs.
Backup encryption verification.

Review Log

2026-01-21: Baseline requirements documented. Validation pending.

In Transit
At Rest
Evidence Needed for Production
Review Log