Security

Practical controls for a small service surface

Rivermesh favors simple controls that are easy to audit: encrypted transports, scoped access, and documented operational changes.

Public services are configured around certificate-backed TLS endpoints and explicit server names.

Administrative access is separated from service credentials and kept outside public content.

Runbooks and configuration templates describe how services should be issued, deployed, and checked.

Security Contact

For security reports, include the endpoint, observed behavior, timestamps, and whether credentials or certificate material may be exposed.

Please send a concise report to security@rivermesh.net.