This page covers how Sovereign protects credentials, secures inter-service communication, and enforces license boundaries.
Credentials for external service integrations (API keys, OAuth tokens) are encrypted at rest using industry-standard encryption:
For production deployments, use a dedicated key management service for your encryption master key. The Auth Service supports Azure Key Vault and HashiCorp Vault as key providers, in addition to environment variable configuration.
The message queue handles step dispatch between the Engine and Executor Workers:
The default Docker Compose configuration does not enable TLS for inter-service communication. For production deployments, configure TLS on the message queue and between all services.
The licensing system provides an additional layer of control: