1. Encryption at Rest
Secret values are encrypted using AES-256-GCM before storage.
2. Authentication
Passwords are securely hashed. Authenticated routes require valid sessions.
3. Stack Links
By default secret values are masked, links may expire, and downloads are disabled unless explicitly enabled by the owner.
4. Abuse Prevention
Rate limiting and audit logging are used to help protect the platform.
5. Responsible Disclosure
If you believe you found a vulnerability, contact: security@configstack.dev