Security & Supply Chain

Trust you can verify,
not just take on faith.

Elixium runs on a hardened, signed container supply chain we build and maintain in-house — with FIPS-mode cryptography, a full bill of materials on every image, and provenance anyone can verify offline. The same platform, whether it runs in our cloud or inside your air-gapped enclave.

What you get

Security as a property of how it's built.

Hardened & minimal by construction

Our runtime images are distroless — no shell, no package manager, nothing but the runtime and the app. The attack surface collapses to almost nothing, and least-functionality is a property of how the image is built, not a policy applied after.

Signed, with a full bill of materials

Every image carries a cryptographic signature and a complete SBOM (software bill of materials), attached in the registry. Anyone can verify what is inside and that it came from us, unmodified — offline, without trusting a third party.

FIPS-mode cryptography, built in

Our FIPS image variants operate in FIPS mode with approved-algorithms-only enforcement, proven active on every build. This is the control implemented where the cryptographic work actually happens — inside the container.

Air-gap ready

The entire image set moves into a disconnected environment with signatures and SBOMs intact. Built for the enclave, where "just pull it from the vendor" is not an option. Full enclave deployment is in early access today.

Continuously rebuilt & scanned

Images are rebuilt on a cadence we control, so vulnerabilities are eliminated at the source rather than patched around. Each image ships with its scan report and severity scope — the claim carries its own evidence.

You hold the keys, and the capability

Self-hosted means you own the data, the database, and the encryption keys. And the supply chain itself is ours to run — not rented from a vendor subscription, so nothing about your trust chain depends on someone else’s roadmap.

The supply chain we own

Trusted in. Hardened, signed, FIPS-enabled out.

A closed loop we run end to end. Vetted components become hardened, verifiable images that Elixium — and only images we built and signed — is assembled from.

Harden
distroless, minimal
Scan & gate
block on severity
Generate SBOM
full bill of materials
Sign
verifiable provenance
FIPS-enable
approved algorithms only
FIPS-mode cryptography

Approved algorithms only — and we prove it every build.

Our FIPS image variants ship a cryptographic module that operates in FIPS mode: non-approved algorithms are rejected, and the module runs its power-on self-test before the image is allowed to ship. It is the control implemented inside the container, where the cryptographic work actually happens — not a claim on a datasheet.

For programs that require a formal certificate, there is a clear upgrade path to a CMVP-validated cryptographic module. We'll name the module and the certificate for your assessment when a contract requires it.

Proven on every build
FIPS provider active
SHA-256 · AES-256-GCM · RSA-2048 approved
MD5 (legacy) blocked
Elixium runs clean under enforcement
For regulated & government programs

Controls implemented by construction.

Evidence-producing controls that support CMMC and FedRAMP-adjacent programs — implemented in the artifact, not asserted in a document.

Least functionality
Distroless removes the shell and package manager — minimal by construction (CM-7).
Software integrity
Signed images + full SBOM give supply-chain requirements a machine-verifiable answer (SI-7 / SR family).
Flaw remediation
Continuous rebuilds address vulnerabilities on a cadence you control (SI-2).
Cryptographic protection
FIPS-mode, approved-only cryptography inside the image; validated-module upgrade path (SC-13).
For AI-assisted delivery

Humans approve, AI executes — as controls, not policy prose.

Every agent connects under its own OAuth identity. Everything it does is attributed, gated, and auditable — the same bar your human team ships through.

Audit events, end to end
Every mutation emits an audit event — actor, tenant, action, object, timestamp. Agent actions record both the agent identity and the authorizing human (AU-2).
Human-endorsed AI work
Agent-drafted work stays a proposal until a human endorses it — and the accept/reject is its own audited event, completing the accountability chain (AC-5 family).
Tenant isolation, fail closed
Row-level security enforced in the database, a membership gate at the router, and RBAC that denies when access is unresolved (AC-3 / AC-6).
Retention & disposal
Per-workspace retention windows, provenance-tracked purge, and restore-from-trash — governed by a written retention policy (SI-12).

Control mappings indicate where our artifacts provide implementing evidence. Assessment and authorization decisions rest with your assessor and authorizing official.

Also worth reading

Runtime & platform security

This page is about how Elixium is built. For how it behaves at runtime — OAuth 2.1, RBAC, tenant isolation, encryption in transit and at rest — see the platform security controls.

Platform & API security →

Deploying into a regulated or air-gapped environment?

Talk to us about self-hosted and FIPS-enabled Elixium, SBOM and signature verification, and what an air-gapped deployment looks like for your program.