Tokens & secrets
This Section Stores tenant-Scoped Sensitive Configuration such as
- Scanner ingestion/auth tokens (used by on-prem scanners to post results)
- Storage credentials for customer-managed bucket (if configured)
- Integration secrets (where applicable)
Security Guidance
- Use least-privilege credentials (bucket-only IAM)
- Rotate keys periodically
- Restrict tokens to tenant scope