Skip to content

Security overview

Keel is built for teams that need observability without giving up control of their data.

Data residency — your data stays yours

  • Keel runs entirely on your hypervisor, on your network. Logs, alerts, incidents, and RCA output are stored only inside the appliance.
  • No telemetry of your log data leaves the appliance. There is no SaaS backend receiving your logs.
  • AI runs against a model you control — a local model (Ollama) for fully air-gapped operation, or your own provider key. Only the data you analyze (and only when you trigger AI) is sent to the LLM endpoint you configured.

Network posture

  • Inbound is limited to the ingest and dashboard ports you explicitly enable, governed by the built-in firewall (zones / allowed ports).
  • Outbound is minimal: optionally the license portal (*.infranexis.com:443) for connected-mode activation, heartbeat, and updates, and optionally your LLM endpoint. Air-gapped deployments use offline licensing and a local model — zero outbound required.

Access control

  • Authentication & SSO: local accounts with password policy and MFA, or enterprise SSO via LDAP/RADIUS, SAML, and OIDC. See authentication.
  • Roles & teams: role-based access (e.g. a viewer cannot change configuration), with team groupings. See users-roles-teams.
  • The web dashboard is served over TLS; bring your own certificate or use the built-in one.

Licensing & integrity

  • Licenses are cryptographically signed (RS256) and verified offline by the appliance against a published public key — so air-gapped nodes validate entitlements without calling home.
  • Connected installs are node-locked (activation-bound to an install fingerprint) and can be revoked centrally.
  • Updates are delivered as signed bundles; the appliance verifies the signature before applying.

Operational safety

  • The Platform Assistant is read-only — it can query and report but has no tools to change or delete configuration, so it is safe against prompt-injection from ingested content.
  • Encrypted backup/restore of configuration is built in.
  • Secrets (provider keys, cold-storage credentials) are stored encrypted at rest.

For deployment-specific hardening (closing unused ports, SSO enforcement, cert management), see network-ssl-firewall and authentication.