B3IQ security starts with local boundaries. A node operator controls local setup, owner auth, support access, local keys, runtime state, and the decision to enroll into managed or network workflows.

Credential Classes

| Credential | Prefix or form | Purpose | Handling |
|---|---|---|---|
| Setup token | tokenized setup URL | Bootstrap or recovery | Do not log or send. Use only for initial local setup or recovery. |
| Owner session | HttpOnly cookie | Normal local operator UI | Created after owner login, not copied into CLI examples. |
| Local API key | `b3iq_local_` | Local inference clients | Shown once, stored hashed, revocable, scoped. |
| Support grant | `b3iq_support_` | Temporary diagnostics | Expiring, revocable, diagnostics-only, redacted support bundles. |
| Hosted gateway key | `b3iq_gateway_` | Hosted developer API access | Separate from local keys, may carry customer billing ownership. |

Secret Handling Rules

Do

Use files and stdin

Store one-time keys in restrictive files and pass them through config files, stdin, or environment variables.

Avoid

Put secrets in process argv

Shell history, process listings, logs, and copied snippets can leak values passed directly as command arguments.

Safe Local Key Pattern

```bash
umask 077                                   # files created from here on are owner-only (0600)
mkdir -p .secrets
cat > .secrets/b3iq-local-key               # paste the key shown once on stdin, then press Ctrl-D
export B3IQ_LOCAL_KEY_FILE=.secrets/b3iq-local-key   # clients receive the path, never the key itself
```

Then build short-lived request config files instead of writing the bearer token in the command line.
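As an added example that is not part of the B3IQ documentation or code, this bash helper turns the key file above into a short-lived curl config (read with `curl -K`), so the bearer value is never an argv element. The local endpoint URL, the 0600/0400 permission check, and the `b3iq_local_` prefix check are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not B3IQ project code: build a short-lived curl config file
# holding the Authorization header, instead of passing the token on the command line.

# Refuse key files that anyone but the owner can read (anything looser than 0600/0400).
check_key_file_mode() {
  local mode
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) echo "refusing $1: mode $mode is not 0600/0400" >&2; return 1 ;;
  esac
}

# Usage: make_request_config KEY_FILE URL
# Reads the local API key from KEY_FILE, verifies it is a local-class key
# (b3iq_local_ prefix per the credential table), writes a 0600 curl config
# and prints the config path. Only the config path ever appears in argv.
make_request_config() {
  local key_file=$1 url=$2 key cfg
  check_key_file_mode "$key_file" || return 1
  key=$(tr -d '\n' < "$key_file")
  case "$key" in
    b3iq_local_*) ;;   # local inference clients use local keys only, never support or gateway keys
    *) echo "refusing: $key_file does not hold a b3iq_local_ key" >&2; return 1 ;;
  esac
  cfg=$(mktemp) || return 1   # mktemp creates the file 0600; chmod guards against odd platforms
  chmod 600 "$cfg"
  printf 'header = "Authorization: Bearer %s"\n' "$key" > "$cfg"
  printf 'url = "%s"\n' "$url" >> "$cfg"
  printf '%s\n' "$cfg"
}

# Example use (assumed placeholder endpoint); delete the config as soon as the request is done.
# cfg=$(make_request_config "$B3IQ_LOCAL_KEY_FILE" "http://127.0.0.1:8080/v1/models") \
#   && curl -sS -K "$cfg"; rm -f "$cfg"
```

Process listings and shell history then show only `curl -sS -K /tmp/tmp.XXXX`, and the config lives no longer than the request it serves.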

Public Surface Boundary

Public node, model, receipt, settlement, and route-readiness payloads may expose:

  • Public node and model IDs.
  • Public-safe readiness status and blockers.
  • Benchmark summaries and observed benchmark freshness.
  • Receipt hashes, roots, counts, and totals.
  • Public transaction hashes and settlement status.

They must not expose:

  • Raw prompts or outputs.
  • API keys, customer tokens, setup tokens, local API keys, support secrets, or token hashes.
  • Customer identity.
  • Exact private routes or private request logs.
  • Local runtime URLs, filesystem paths, tunnel IDs, tunnel tokens, or connector details.
  • Raw TEE quotes or certificate chains.

Remote Support

Support grants are scoped to diagnostics. They should not authorize API-key management, owner recovery, wallet private-key reveal, command execution outside allowed diagnostics, or raw prompt/output access.

Rotate development credentials before production

Development deployer keys, Cloudflare tokens, signing certificates, node secrets, router secrets, and protocol treasuries used during MVP work must be rotated before production launch.

Private inference

Learn what private_transport protects today and what TEE privacy still needs.

Local API

See safe local examples that keep tokens out of argv.

Release trust

Track installer signing, release manifest, and update trust gates.
