Policies
Policies are automated security rules. They enforce constraints without manual intervention.
Policy Types
Secret TTL (Time to Live)
Maximum time a secret may stay cached on a device. After the TTL expires, the agent must re-fetch the secret from the cloud.
Use case: limit exposure if a device is compromised
Example: max_ttl_hours = 24
Rotation Schedule
Flag secrets for rotation after a set interval.
Use case: compliance requirements (PCI-DSS, SOC2)
Example: rotation_interval_days = 90
Boot Rate Limiting
Maximum boot requests per device per hour.
Use case: prevent brute-force boot attempts
Example: max_boot_rate_per_hour = 10
IP Allowlisting
Only allow device boots from specified IP ranges (CIDR notation).
Use case: restrict to your VPC, office IP, or datacenter
Example: 10.0.0.0/8, 172.16.0.0/12
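The four policy types above, evaluated together in one small engine. This is an added illustration, not the product's own code: the Policy and PolicyEngine names, the in-memory attempt store and the sliding one-hour window are assumptions; the threshold values are the examples from this page.

```python
# Constructed policy evaluator for the four policy types on this page (illustrative, not the product's code).
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import ipaddress


@dataclass
class Policy:
    max_ttl_hours: int = 24
    rotation_interval_days: int = 90
    max_boot_rate_per_hour: int = 10
    allowed_cidrs: tuple = ("10.0.0.0/8", "172.16.0.0/12")


@dataclass
class PolicyEngine:
    policy: Policy
    boot_attempts: dict = field(default_factory=dict)  # device_id -> attempt timestamps (assumed store)

    def cache_expired(self, fetched_at, now):
        """Secret TTL: a cached secret older than max_ttl_hours must be re-fetched."""
        return now - fetched_at > timedelta(hours=self.policy.max_ttl_hours)

    def rotation_due(self, created_at, now):
        """Rotation schedule: flag a secret once rotation_interval_days have passed."""
        return now - created_at >= timedelta(days=self.policy.rotation_interval_days)

    def ip_allowed(self, ip):
        """IP allowlisting: the source must fall inside a configured CIDR range."""
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(c) for c in self.policy.allowed_cidrs)

    def evaluate_boot(self, device_id, ip, now):
        """Boot rate limit (sliding hour; every attempt counts, allowed or not) then allowlist check."""
        window_start = now - timedelta(hours=1)
        attempts = [t for t in self.boot_attempts.get(device_id, []) if t > window_start]
        attempts.append(now)
        self.boot_attempts[device_id] = attempts
        if len(attempts) > self.policy.max_boot_rate_per_hour:
            return False, "rate_limited"
        if not self.ip_allowed(ip):
            return False, "ip_not_allowed"
        return True, "ok"


def demo():
    """Constructed scenario: 11 boots in one hour from an allowed address, one from a blocked one."""
    engine, now = PolicyEngine(Policy()), datetime(2024, 1, 1, tzinfo=timezone.utc)
    boots = [engine.evaluate_boot("dev-1", "10.1.2.3", now + timedelta(minutes=i)) for i in range(11)]
    return {"ttl_expired": engine.cache_expired(now - timedelta(hours=25), now),
            "rotation_due": engine.rotation_due(now - timedelta(days=90), now),
            "blocked_ip": engine.evaluate_boot("dev-2", "192.168.1.1", now), "boots": boots}
```

Counting denied attempts toward the hourly limit is deliberate: a device retrying from a blocked address is still throttled rather than given unlimited tries at the allowlist.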