Trust boundaries
This page clarifies where Aegis and Axis are responsible, and where customer teams retain control obligations.
Aegis boundary
- Aegis enforces transport-policy rules in traffic paths.
- Aegis emits telemetry about negotiation outcomes and policy posture.
- Aegis is not a substitute for customer application authorization controls.
Axis boundary
- Axis manages policy lifecycle, rollout states, and operational receipts.
- Axis provides control-plane workflows for staged rollout and rollback.
- Axis does not directly replace the traffic-path enforcement behavior of Aegis.
Assumptions and customer responsibilities
- Customers define tenant governance, access approvals, and data classification controls.
- Customers maintain key-custody governance for external KMS/HSM providers.
- Customers own application-level authorization and business-data retention decisions.
Data-handling assumptions
- Application payload encryption and decryption occur in customer-controlled application paths.
- Control-plane data includes policy metadata, rollout state, and operational audit records.
- Incident investigations rely on customer and VeliKey logs together for complete context.