Skip to main content

Security & Trust

Subnetly is built as a tenant-isolated DDI and Network Intelligence service for SMB, enterprise, and MSP operations.

Platform Controls

  • Tenant-scoped data model with PostgreSQL row-level security on tenant tables.
  • Auth0 Universal Login for interactive authentication.
  • Tenant MFA enforcement for interactive sessions when enabled by an owner or admin.
  • Role-based access controls for DNS, DHCP, IPAM, audit, MSP, API tokens, webhooks, and tenant administration.
  • Long-lived API tokens are tenant-bound, role-capped, hashed at rest, shown once, and subject to tenant expiry policy.
  • Canonical audit events are partitioned by month and scoped per tenant.
  • Audit exports are RBAC-controlled and available as CSV or JSON.

Data Protection

  • Secrets are never returned after creation.
  • Cloud credentials are stored through the encrypted secrets path.
  • Application request bodies are capped by middleware, with explicit import limits for larger CSV workflows.
  • Public and agent endpoints use separate authentication mechanisms from tenant user sessions.

MSP Isolation

MSP tenants can manage authorized client tenants from the MSP workspace. Cross-tenant rollups use explicit server-side authorization before any cross-tenant query runs.

Reliability

Subnetly runs health probes for API readiness, agent connectivity, DNS/DHCP health, and user-visible service status. Operational recovery procedures are documented in the disaster recovery runbook.