VolatiCloud Threat Model
This page is the security claim we are willing to defend in public. It's intentionally specific about what we protect and about what we don't yet, so you can make an informed decision about what to entrust to the platform.
The structure: what's worth protecting, who we model as a threat, what we defend against today, what we're honest about not yet defending, and the wave-by-wave roadmap to close the remaining gaps. If you only read one section, read What we are honest about not yet defending.
Assets We Protect
| Asset | What it is | Why it matters |
|---|---|---|
| Exchange API keys | Credentials that let runner pods place trades on your behalf | A compromised key can place adverse trades; with withdrawal disabled it cannot drain the account directly |
| Strategy code | Your trading logic — the alpha you've spent time developing | Theft of a profitable strategy is theft of recurring revenue |
| Bot configuration | Risk parameters, pair lists, timeframes, leverage settings | Reveals strategy structure and trade size |
| Trade history & monitoring data | What your bot actually did | Reveals strategy in retrospect and exposes P&L |
| Account credentials | VolatiCloud login + session tokens | Account takeover lets an attacker reach all of the above |
Threat Actors We Model
- External attacker, no credentials. Casual scanner, opportunistic exploit, credential stuffing.
- External attacker with one user's credentials. Leaked password, phishing, session hijack.
- External attacker with elevated cloud access. Runtime exploit, container escape, supply-chain compromise of a runtime dependency.
- Insider with legitimate access. A VolatiCloud employee, contractor, or operator who can see sensitive resources in the course of their duties.
- Supply-chain attacker. A compromised dependency, container image, or infrastructure provider.
What We Defend Against Today
External Attacker, No Credentials
- TLS everywhere with HSTS preload on the public API and dashboard
- All authentication runs through Keycloak (OIDC) — see ADR-0008 — Multi-Tenant Authorization
- Bug-bounty intake for community-reported issues — see Responsible Disclosure
External Attacker with One User's Credentials
- UMA 2.0 resource-level authorization (per ADR-0008) — leaked credentials only access what that one user could access
- Session re-auth on the most sensitive operations
- Audit logs of every sensitive-resource read, visible to organization admins (Encryption — Audit Logs)
External Attacker with Elevated Cloud Access
- AES-256-GCM at-rest encryption for sensitive config fields (per ADR-0026) — full database exfiltration yields ciphertext, not plaintext keys
- Withdrawal-disabled enforcement as a hard floor — even exfiltrated keys cannot drain customer accounts
- Egress-IP allowlisting so even a stolen key only works from our runner pods (when you've configured it on the exchange side)
- mTLS on internal service-to-service traffic managed by the service mesh
Insider with Legitimate Access
- Audit logs of every sensitive-resource read, surfaced to organization admins and exportable to CSV
- Operational controls and segregation of duties for production-data access
- Background checks and signed confidentiality agreements for personnel who can reach production
- Withdrawal-disabled rule as a hard floor — even hostile insiders cannot move customer funds off-exchange
Supply-Chain Attacker
- Pinned dependency versions in
go.sumandpackage-lock.json— no floating tags, nolatest - Advisory monitoring on key dependencies (Go runtime, gqlgen, ENT, React, Docusaurus, Freqtrade)
- Container image hygiene — base images pinned by digest where supported
What We Are Honest About Not Yet Defending
These are real gaps. They're intentional in the sense that closing them requires infrastructure that ships in later trust-ladder increments — not because we don't take them seriously.
| Gap | Today's mitigation | Closes in |
|---|---|---|
| Strategy code is plaintext in our database. An insider with database access can read your strategy. | Audit logs + operational controls | Tier 1 (passphrase encryption) and Tier 2 (passkey-bound E2EE) |
| Strategy code is plaintext in runner memory at execution time. | Inherent — Freqtrade needs the code to run it. | Tier 5 (hardware-attested confidential VMs) |
| Encryption keys live on our infrastructure. | Backend-controlled key, audit logs, restricted access | Tier 3 (Bring Your Own Key — BYOK) |
| Bot monitoring telemetry is plaintext on our side so we can compute alerts and platform-wide insights. | By-design today | Tier 4 (strict mode) for orgs that want to opt out of server-side processing of monitoring data |
Roadmap
We're shipping a phased plan to close the gaps above without breaking the platform you already use. Detailed plan: Trust Feature Ladder spec. The short version:
Wave 1 (in progress)
- Withdrawal-disabled enforcement (shipped — see API Keys)
- Audit log export
- Published runner egress IPs
- Public bug bounty
- Tier 1 customer-supplied passphrase encryption (Argon2id verifier already shipped — see
api/internal/passphrase/) - Tier 3.A BYOK Lite
Wave 2
- Tier 2 passkey-backed E2EE for strategies and exchange keys
- Tier 3.B BYOK Standard with federation into your KMS
Wave 3
- Cosign-signed reproducible runner builds
- Open-source dashboard subtree under FSL-1.1-MIT
Wave 4
- Tier 5 hardware-attested confidential VM execution
- Tier 3.C BYOK Advanced with HSM-backed policy
Wave 5
- Tier 6 Bring Your Own Cloud (BYOC)
- Tier 4.D Full air-gapped mode for institutional customers
Each wave ships with a marketing claim we are willing to defend in public. We'll update this page as each wave lands so this document stays the canonical source of truth for the platform's current security posture.
Out of Scope (for This Threat Model)
- Quantum resistance. We use industry-standard symmetric ciphers (AES-256-GCM) and asymmetric primitives (P-256 for WebAuthn, RSA-2048 for Keycloak). We will revisit when post-quantum standards are widely deployed.
- Physical compromise of an end-user device. If your laptop is stolen with an active session, we cannot help. Lock your screen.
- Phishing of your VolatiCloud password. Use a strong password, enable MFA in Keycloak, and consider a password manager.
Found a Hole?
Report a vulnerability. We acknowledge in-scope reports within 48 hours.
Related guides
- Security Overview — High-level summary of what we protect.
- Encryption — Implementation details of at-rest and in-transit encryption.
- API Key Handling — Withdrawal-disabled enforcement, runtime memory hygiene, rotation cadence.
- Responsible Disclosure — How to report a vulnerability and what to expect from us.