Minio Security (Object Storage)

Overview

Minio is used primarily as a Secure File Storage backend for handling user-uploaded artifacts and generated reports. It is not used for raw database storage or high-velocity logs, but rather for:

  • Imported Artifacts: ZIP files and documents uploaded by users for analysis.
  • Generated Reports: Storing HTML and PDF reports generated from pentest results.
  • File Imports: Storing PDF-to-Markdown conversions.

Security Architecture

1. Reverse Proxy & Encryption

  • Accessed via minio-api-proxy.
  • HTTPS: All data in transit is encrypted.
  • Authentication: Protected by robust access keys controlled by the Backend Manager.

2. Data Segregation

  • Per-Pentest Buckets: Each pentest or retest session creates a new, dedicated bucket.
    • Prevents data leakage between different engagements.
    • Allows for granular lifecycle management (e.g., deleting all data for a specific test easily).

3. Access Control

  • The minio-api microservice mediates all bucket creation and access, ensuring that only authorized workflows can read/write data.
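
One way a mediating service could enforce the per-pentest segregation and access control described above, shown as an added example that is not this project's code. The `pentest-<id>` naming scheme and all function names are assumptions; the policy uses the S3-compatible policy syntax that MinIO accepts.

```python
import fnmatch
import re

# Hypothetical naming scheme: the page only says each pentest gets its own bucket.
PREFIX = "pentest-"
ID_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def bucket_name_for(pentest_id: str) -> str:
    """Map an engagement id to a bucket name, rejecting instead of normalising.

    Normalising (lower-casing, stripping characters) could map two different
    ids to the same bucket and silently merge two engagements.
    """
    if not ID_RE.fullmatch(pentest_id):
        raise ValueError(f"invalid pentest id: {pentest_id!r}")
    name = PREFIX + pentest_id
    if len(name) > 63:  # S3/MinIO bucket names are 3-63 characters
        raise ValueError("bucket name too long")
    return name


def scoped_policy(bucket: str) -> dict:
    """Policy granting object read/write and listing on one bucket only."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             # The trailing "/*" keeps pentest-acme-1 from matching pentest-acme-10.
             "Resource": [f"arn:aws:s3:::{bucket}/*"]},
            {"Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
        ],
    }


def allows(policy: dict, action: str, resource: str) -> bool:
    """Minimal Allow-only evaluator, used to check a policy before attaching it."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"]) and \
           any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"]):
            return True
    return False
```

Running `allows` against a sibling bucket's ARN before attaching a policy catches prefix mistakes such as a resource written as `pentest-acme-1*`.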