Security best practices for production deployments.

Database Security

Change default passwords:
POSTGRES_PASSWORD=<generate-strong-password>
Enable SSL/TLS:
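# PostgreSQL (postgresql.conf)
# ssl = on only makes TLS available; use hostssl entries in pg_hba.conf to require it
ssl = on
ssl_cert_file = '/path/to/server.crt'
ssl_key_file = '/path/to/server.key'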

Network Security

Use private networks:
  • Deploy behind VPN
  • Use Kubernetes NetworkPolicies
  • Enable mTLS between services
Example NetworkPolicy:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-policy
spec:
  podSelector:
    matchLabels:
      app: postgres
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: lumina-api

Data Privacy

Redact PII before sending prompts to the LLM or recording them in traces:
const redacted = redactPII(userPrompt);
await lumina.traceLLM(
  () => llm.generate(redacted),
  { prompt: redacted }
);
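
The snippet above calls redactPII() without defining it. The following is an added example, not code from the Lumina project: one way to implement such a helper with regular expressions plus a Luhn check for card numbers. The patterns, labels and the redactWithReport name are assumptions chosen for illustration and do not cover every PII format.

```javascript
// Added example: one possible redactPII(); the patterns are assumptions, not Lumina's.
// Order matters: specific formats run before the looser phone pattern.
const PII_PATTERNS = [
  { label: 'EMAIL', re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { label: 'SSN', re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { label: 'CARD', re: /\b(?:\d[ -]?){12,18}\d\b/g, validate: luhnValid },
  { label: 'PHONE', re: /(?<!\d)(?:\+?\d{1,2}[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}\b/g },
];

// Luhn checksum: filters out most long digit runs (order ids) that are not card numbers.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, '');
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Returns the redacted text plus per-type counts, so counts (never values) can be logged.
function redactWithReport(text) {
  const counts = {};
  let out = String(text);
  for (const { label, re, validate } of PII_PATTERNS) {
    out = out.replace(re, (match) => {
      if (validate && !validate(match)) return match; // digit run that fails Luhn: keep it
      counts[label] = (counts[label] || 0) + 1;
      return `[REDACTED_${label}]`;
    });
  }
  return { text: out, counts };
}

// Same call shape as the snippet above: string in, string out.
const redactPII = (text) => redactWithReport(text).text;

// Constructed sample prompt (all values are fake or well-known test values).
const SAMPLE = 'Contact jane.doe@example.com or 555-867-5309. ' +
  'Card 4111 1111 1111 1111, order 1234 5678 9012 3456, SSN 078-05-1120.';
console.log(redactPII(SAMPLE));
```

Pattern-based redaction misses free-form PII such as names and street addresses, so treat it as one layer alongside access controls on the trace store.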

Secrets Management

Use secret managers:
# Kubernetes External Secrets
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: lumina-secrets
spec:
  secretStoreRef:
    name: aws-secrets-manager
  data:
    - secretKey: ANTHROPIC_API_KEY
      remoteRef:
        key: prod/lumina/anthropic_key