Security starts at the source.
Every connected system gets identity, scoped access, lifecycle controls, and audit-ready actions before events become operational memory.
Security controls already active.
Session-based authentication
Password reset flow
API key protection
Project-scoped access
Rate limiting
Security headers
CORS controls
Billing and webhook validation
Security controls being expanded.
Full audit log UI
Secret and key lifecycle dashboard
Advanced role permissions
Incident and status page
Deeper security reporting
Expanded compliance preparation
Security controls built into the platform foundation.
The current platform foundation is designed to reduce risk early and create a stronger path for operational maturity over time.
Authentication
Account access is protected by secure password handling, sessions, email verification, and recovery flows.
Workspace access
Organizations, projects, members, and roles create clear boundaries for who can access what.
Source-scoped API keys
API keys are linked to sources so each connected system has a clear identity and limited ingest boundary.
Rate limiting
Request limits help reduce abuse and protect shared platform resources from noisy or harmful traffic.
Secrets protection
Sensitive keys and tokens are treated as protected operational assets with lifecycle controls planned.
Runtime hardening
Deployment validation, headers, trusted hosts, HTTPS awareness, and CORS controls reduce configuration risk.
Data and access are organized around real workspace boundaries.
Lariba Cloud separates organizations, projects, users, and API keys so product signals can be managed with clearer operational ownership.
Organizations isolate teams
Each organization acts as the top-level workspace for users, projects, members, and operational settings.
Projects isolate product activity
Events, sources, API keys, and operational context are attached to projects instead of being mixed globally.
API keys are scoped
Keys are created for specific project workflows so integrations can be controlled, rotated, and revoked.
Membership controls access
Users access resources through organization and project membership instead of uncontrolled shared access.
Key lifecycle is part of the platform direction.
API keys are central to event ingestion. Lariba Cloud treats them as operational security assets that need clear ownership, rotation, revocation, and auditability.
Create source-scoped API keys
Rotate keys when operational ownership changes
Revoke keys that are no longer trusted
Track key usage and lifecycle activity
Prepare expiration and audit policies over time
Never expose source API keys in public client-side code. Keep ingestion keys in controlled backend or server-side environments.
Runtime controls reduce common platform risks.
The production platform includes middleware and environment controls that help reduce exposure, abuse, and misconfiguration.
Security headers
Trusted host controls
CORS configuration
Rate limiting middleware
Runtime environment validation
HTTPS and proxy awareness
Webhook signature checks
Database-backed session handling
Reporting security issues.
Responsible disclosure is the right path for issues that affect platform trust, customer data, authentication, authorization, or billing integrity.
Security contact
security@laribacloud.com
Please include:
Clear reproduction steps
Affected endpoint, page, or workflow
Potential impact and severity
Screenshots, logs, or timestamps if useful
Your contact email for follow-up
Do not access, modify, delete, or exfiltrate data that does not belong to you. Report only what is needed to validate the issue safely.
Clear claims matter.
Lariba Cloud is still early. The platform is being built with security practices that prepare for stronger compliance over time, but it is not yet certified.
Not yet SOC 2 certified.
Not yet ISO 27001 certified.
Not yet PCI certified.
Security controls are being strengthened as the platform matures.
Source-level security grows with the product.
Lariba Cloud will keep strengthening key lifecycle, audit trails, permissions, incident workflows, and operational security as the platform matures.
Secret and key lifecycle UI
Deeper audit trails
Advanced role permissions
Incident and status page
Operational runbooks
Security reporting workflows