// Trust & Security

Built so your team can actually
trust it in production.

Autonomous doesn't mean reckless. InfraGhost operates on a least-privilege model — read-only by default, every write requires your explicit approval, and every action is logged, attributable, and reversible.

This page explains the system. Read it. Ask us hard questions. If something's missing, that's a gap we need to fix.

01 — Permission model

Read-only by default.
Write access is something you grant explicitly.

InfraGhost doesn't request broad admin credentials. It uses scoped IAM roles per environment, and the scope determines what the agent can touch — not us. You can give staging write access while prod stays read-only.

Default scope    Grant required    Never requested
Read-only (default)
Always available
List resources & configs
Read CloudTrail / audit logs
Describe security groups
Check tag compliance
Monitor metrics (CPU, memory, cost)
Inspect drift events & deltas
Write (explicit grant)
Requires your IAM scope
Apply config corrections
Scale resources (within bounds)
Re-enable disabled backups
Patch security group rules
Execute approved remediations
Never requested
Hard limits — no exceptions
Delete production resources
IAM role/policy mutations
Read secret values or env vars
Access application data / databases
Cross-account role assumption
Scoped IAM roles are per-environment. Production can have different (narrower) scopes than staging. We never request credentials for scope we don't need.

No long-lived credentials. InfraGhost uses temporary tokens via STS AssumeRole (AWS) or Workload Identity Federation (GCP) — they expire in hours, not months.

🔑
You configure
Scoped IAM Role
Least-privilege, per-env, you own the policy
Short-lived token
STS AssumeRole
1–12h expiry. Rotated on every agent session.
🛡
Agent action
Scoped operation
Only what the policy allows. Logged in full.
💀
Token expires
Zero residual access
No stored credentials. No persistent sessions.
02 — Human-approval gates

Some actions are
not yours to automate.

Certain operations always require a human to approve before InfraGhost executes. These are configurable per team — you can expand or restrict the list — but some categories are locked.

🗑
Resource deletion
Any termination, snapshot deletion, or volume detachment requires explicit approval.
🔐
IAM changes
Role modifications, policy attachments, or permission boundary changes — always gated.
📈
Scaling above threshold
Scaling beyond your configured ceiling (e.g., >10 replicas) requires manual sign-off.
🌐
Open inbound rules
Any security group rule opening to 0.0.0.0/0 or ::/0 is hard-blocked until approved.
💸
Cost-impacting changes
Actions projected to increase monthly spend by more than your configured threshold.
⚙️
Custom team policies
Define your own approval rules in YAML. Any action matching your policy waits for approval.
Drift detected
Slack / Email alert
One-click approve / reject
Execute remediation or Skip
03 — Audit log

Every action is logged.
Nothing happens in silence.

Every operation InfraGhost performs is logged with a timestamp, the resource targeted, the before and after state, the reasoning the agent used, and who (or what) triggered it. Exportable to your SIEM: CloudTrail, Datadog, Splunk.

Audit Log — prod-us-east-1
All Remediations Approvals Export ↓
Timestamp Action Resource Actor
2026-05-05 18:42:03 Remediated aws/rds/prod-db-01
Backup retention restored: 0d → 7d infraghost-agent
2026-05-05 17:31:57 Approved aws/ec2/asg-workers
Scale-up proposal approved by @jsmith @jsmith
2026-05-05 16:14:22 Detected aws/sg/prod-web-sg
Port 22 open to 0.0.0.0/0 — awaiting approval infraghost-scanner
2026-05-05 14:08:45 Rollback gcp/compute/backend-mig
Scaling rollback: 12 → 8 replicas @ops-team

* Illustrative UI — exported as JSON/CSV. SIEM integration via CloudTrail, Datadog Logs, or Splunk HEC.

04 — Data handling

Resource metadata only.
We never touch your data.

InfraGhost sees the shape of your infrastructure — resource configs, tags, scaling settings, security rules. It does not read secret values, environment variables, database contents, or any application data.

🔒
Encryption at rest
All stored metadata encrypted with AES-256. Keys rotated quarterly. Env-scoped encryption — staging and prod use separate key hierarchies.
🔐
Encryption in transit
TLS 1.3 minimum across all connections. No plaintext channels. Certificate pinning on agent-to-API communications.
🚫
No secrets access
InfraGhost cannot read the values of AWS Secrets Manager entries, GCP Secret Manager secrets, or any .env file contents. Metadata (name, rotation schedule) only.
🌍
Data residency
EU customers can choose EU-only data residency. Metadata stays in your selected region. GDPR data processing agreement available.
SOC 2 Type II In progress — target: Q2 2026. Controls are designed and implemented; audit period active.
Encryption AES-256-GCM at rest · TLS 1.3 in transit
GDPR DPA available on request. EU data residency option for all EU customers.
Data retention Audit logs retained 90 days by default. Configurable. Export anytime.
Pen testing Annual third-party penetration test. Reports available under NDA.
🛡
SOC 2 Type II — in progress
We're in our audit period now. Target completion: Q2 2026. If your security team needs to review controls before the report is available, contact us — we'll walk through the framework directly.
65% — controls implemented & evidence collection ongoing
05 — Incident & rollback

Every remediation ships
with its own undo button.

Before InfraGhost applies any write operation, it captures the full before-state. If something goes wrong — or you just change your mind — you get one click to restore it. No manual reconstruction, no guessing what the state was.

1-click
One-click rollback
Every agent-initiated change stores a before-snapshot. Rollback is atomic — partial states aren't possible. Available from the audit log, Slack notification, or dashboard.
7 days
Rollback window
Any agent-initiated change can be rolled back for up to 7 days after execution. After that, the diff is available in the audit log for manual reconstruction.
Scenario Response SLA
Agent applies incorrect remediation One-click rollback from dashboard or Slack < 60 seconds
InfraGhost service outage Infrastructure continues running — agent goes offline, no actions taken Fail-safe: read-only fallback
Approval notification not received Action is held, not skipped. Re-notified after 30min. Never auto-approved
Security incident in InfraGhost platform Customer notification + scope revocation within 4h < 4 hours
06 — How we compare

Most tools ask for admin.
We don't.

The standard approach in infrastructure tooling is broad credential access with trust that the vendor won't misuse it. InfraGhost is designed on the assumption that you shouldn't have to trust us with anything you didn't explicitly grant.

Capability InfraGhost Typical competitor
Default credential scope Read-only. Write granted per-env by you. Broad admin credentials required for initial setup
Credential storage No stored credentials — STS temp tokens only (1–12h TTL) Long-lived keys or persistent OAuth tokens stored by vendor
Human-approval gates Built-in, configurable. Locked categories for IAM/deletion/0.0.0.0/0 Optional or enterprise-tier only
Audit log Full before/after state, reasoning, actor, SIEM export Action log only — no before/after diff, limited export
First 50 teams · Founding Member

You've read the security model.
Now lock in a lifetime deal.

$99 one-time. No subscription. Lifetime 50% off when InfraGhost launches paid tiers, priority onboarding, and direct Slack with the founder.

See pricing tiers →

Stripe secure checkout. Instant confirmation email.

Ready to let it run?

14-day free trial. No card required to start. Cancel anytime with your data.

Start free trial → See what a guarded deploy looks like → Talk to founder about security review