Security
Security in Vectora is implemented in 3 layers: application (Guardian blocklist), isolation (Trust Folder), and access control (RBAC). Your data remains yours: Vectora is BYOK (Bring Your Own Key).
Security Pillars
| Layer | Component | Function | Docs |
|---|---|---|---|
| Application | Guardian | Hard-coded blocklist for .env, secrets, binaries | → Guardian |
| Filesystem | Trust Folder | Path isolation against directory traversal | → Trust Folder |
| Access | RBAC | 5 roles (Owner→Guest) with 15 permissions | → RBAC |
| Data | BYOK + Encryption | User keys, AES-256-GCM encryption | → BYOK & Privacy |
Compliance & Certifications
Vectora supports the following compliance frameworks:
- GDPR — Right to be forgotten, data portability
- HIPAA — Encryption, audit, controlled access
- SOC 2 Type II — In progress for 2026
- PCI-DSS — If credit card data is not indexed
Shared Responsibility Security
| Responsibility | Vectora | You |
|---|---|---|
| Guardian blocklist | [x] | - |
| Trust Folder config | - | Configure |
| API keys | - | Protect |
| Password | - | Use 2FA |
| Network (firewall) | - | (optional) |
Next Steps
- Understand: Read Guardian for hard-coded protections
- Configure: Define Trust Folder appropriately
- Manage: Configure RBAC for your team
- Data: Review BYOK & Privacy for compliance
Security vulnerability? Report here
External Links
| Concept | Resource | Link |
|---|---|---|
| RBAC | NIST Role-Based Access Control Standard | csrc.nist.gov/projects/rbac |
| MCP | Model Context Protocol Specification | modelcontextprotocol.io/specification |
| MCP Go SDK | Go SDK for MCP (mark3labs) | github.com/mark3labs/mcp-go |
Part of the Vectora ecosystem · Open Source (MIT)