Built for teams whose auditors read the footnotes
Wardengate is privileged access infrastructure. Security is not a feature page — it is the product. This is how we build, operate, and disclose.
Security practices
Gateway-first recording
Session evidence is captured at the broker, not on targets that operators control. Recordings, keystrokes, and file transfers are bound to a named identity and policy version at decision time.
Encryption in transit and at rest
All operator and connector traffic is TLS-terminated at the gateway. Session artifacts and audit logs are encrypted at rest with customer-managed or platform-managed keys depending on deployment model.
Least-privilege operations
Wardengate support access into customer tenants is opt-in, time-bound, and session-recorded — using Wardengate itself. Standing support credentials do not exist.
Secure development lifecycle
Dependency scanning, signed container images, and segregated build pipelines for control plane and connector components. Security advisories ship with CVE detail and upgrade paths.
For procurement
Trust artifacts your security team will ask for
Enterprise evaluations move faster when the paperwork exists before the questionnaire arrives. Contact us for the current trust package.
- Penetration test summary: Available under NDA
- SOC 2 Type II report: Available under NDA
- Data processing addendum: Provided at contract
- Subprocessor list: Available on request
- security.txt: Published for coordinated disclosure
Report a vulnerability
If you believe you have found a security issue in Wardengate, report it to security@wardengate.example. We acknowledge within one business day and coordinate disclosure on a timeline that protects customers. Full policy details are in our security disclosure documentation.
Enterprise evaluation?
Get the trust package before your questionnaire lands
We will send the current SOC report summary, DPA, subprocessor list, and architecture overview — usually same day.