Security

Multi-layer defense. Cryptographic provenance.

Encryption at rest and in transit. Capability-based access control. Audit chains anchored in BLAKE3. Zeroize on drop. No ambient authority. The threat model is documented and the boundaries are testable.

At a glance

What's here.

The shape of this page in six lines.

AES-256-GCM at rest: Per-namespace keys derived via HKDF-SHA256.
TLS 1.3 in transit: rustls, no OpenSSL. Modern cipher suites only.
BLAKE3 audit chain: Tamper-evident, Merkle-anchored, replicable to external attestors.
Capability tokens: No ambient authority. Every read/write requires an explicit capability.
Zeroize on drop: Secret material wiped from RAM on drop paths.
Argon2 password hashing: OWASP-recommended parameters; tunable per-deployment.

Reference

Useful links.

# Verify the audit chain externally
$ minds audit verify --from 2026-10-01 --to 2026-10-31 \
    --attestor https://attestor.example.com
✓ 14,832 entries verified · Merkle root matches
Specs

Details.

At a glance
  At rest: AES-256-GCM · per-namespace keys
  In transit: TLS 1.3 (rustls)
  Signatures: Ed25519 · FROST threshold (multi-sig)
  Hashing: BLAKE3 · Argon2 for passwords
  Audit: BLAKE3 Merkle chain · externally attestable

Guarantees
  Durability: fsync per WAL commit
  Isolation: MVCC · snapshot
  Audit: BLAKE3 Merkle chain
  Encryption: AES-256-GCM per-namespace
  Concurrency: 100K+ ops/sec

Get started in an afternoon.

Run anywhere — Akasha Cloud, on-prem, or air-gapped.