Secrets & key management
| ID | MOD-045 |
| System | SD07 |
| Repo | bank-platform |
| Build status | Deployed |
| Deployed | Yes |
| Last commit | bbdfbac46a1b5cf6dc25b4c7cd428a8daa669d03 |
All secrets managed in AWS KMS / HashiCorp Vault. No secrets in code or config files. Automatic rotation on schedule.
Module dependencies
Depends on
| Module | Title | Required? | Contract | Reason |
|---|---|---|---|---|
| MOD-104 | AWS shared infrastructure bootstrap | Required | — | AWS shared infrastructure provisioned by MOD-104 (EventBridge buses, S3, KMS, Kinesis, Cognito) is required before this module can be deployed. |
Required by
| Module | Title | As | Contract |
|---|---|---|---|
| MOD-044 | JWT role-based access control | Hard dependency | — |
| MOD-046 | Privileged access management (PAM) | Hard dependency | — |
| MOD-068 | Authentication & session management | Hard dependency | — |
| MOD-073 | Document vault | Hard dependency | — |
| MOD-075 | Internal API gateway | Hard dependency | — |
| MOD-100 | External asset connector | Hard dependency | — |
| MOD-124 | Physical card issuance and bureau integration | Hard dependency | — |
| MOD-128 | Credit bureau enquiry and CCR integration | Hard dependency | — |
| MOD-157 | External provider stub service | Hard dependency | — |
| MOD-158 | Test seed data loader | Hard dependency | — |
Policies satisfied
| Policy | Title | Mode | How |
|---|---|---|---|
| DT-001 | Information Security Policy | AUTO | Secrets cannot be extracted by developers — vaulted and access-controlled |
| DT-002 | Cybersecurity Policy | AUTO | Key rotation automated — no reliance on manual rotation schedule |
| AML-007 | Sanctions Screening Policy | AUTO | Sanctions list decryption keys managed centrally — no offline copy possible |
Capabilities satisfied
(No capabilities mapped)
Part of SD07 — Data Platform & Governance Infrastructure
Compiled 2026-05-22 from source/entities/modules/MOD-045.yaml