StarlingX security encompasses a broad number of features.

  • TLS support on all external interfaces

  • Kubernetes service accounts and RBAC policies for authentication and authorization of Kubernetes API / CLI / GUI

  • Encryption of Kubernetes Secret Data at Rest

  • Keystone authentication and authorization of StarlingX API / CLI / GUI

  • Barbican is used to securely store secrets such as BMC user passwords

  • Networking policies / Firewalls on external APIs

  • UEFI secureboot

  • Signed software updates