MemoryOps is currently in alpha. Security fixes are applied to the latest commit on main only.
| Version | Supported |
|---|---|
| main (alpha) | ✅ |
| Older tagged releases | ❌ |
Please do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities privately via GitHub Security Advisories.
Include:
- Description of the vulnerability and potential impact
- Steps to reproduce or proof-of-concept
- Any suggested mitigations
You will receive an acknowledgement within 72 hours. We aim to triage and release a fix within 14 days for critical issues.
For deployment-specific hardening, use the production checklist in `docs/security-production.md`.
- Workspace API keys are hashed with Argon2 before storage. The plaintext key is returned once on creation — it cannot be recovered.
- Bootstrap keys (`POST /v1/workspaces`) have elevated privileges. Rotate them after initial setup using `POST /v1/workspaces/{id}/keys`.
- Keys are passed via the `X-API-Key` header — always use HTTPS in production.
- All webhook sources (GitHub, Slack, Jira, Linear) are validated with HMAC-SHA256 signatures.
- The `dev-placeholder` secret in `.env.example` is intentionally weak. Always set real secrets in production.
- Timing-safe comparison is used for all HMAC checks.
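The webhook checks above, as an added example that is not MemoryOps code: a validator for a GitHub-style `X-Hub-Signature-256` header (`sha256=<hex>` over the raw body) that uses a constant-time comparison and refuses to validate at all when the weak `dev-placeholder` secret is still configured in production. The `production` flag and the `sign_body` helper are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed example: the intentionally weak value shipped in .env.example.
DEV_PLACEHOLDER = "dev-placeholder"


def sign_body(secret: str, body: bytes) -> str:
    """Build the header value a sender would attach (used only to create test input)."""
    digest = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return f"sha256={digest}"


def verify_signature(secret: str, body: bytes, header: Optional[str],
                     production: bool = True) -> bool:
    """Return True only if `header` is a valid HMAC-SHA256 over the raw `body`.

    - In production, the placeholder secret is rejected outright: a weak shared
      secret makes every signature forgeable, so validation is refused rather
      than performed.
    - A missing or malformed header fails closed; the check is never skipped.
    - hmac.compare_digest keeps the comparison timing independent of how many
      leading bytes of the digest match.
    """
    if production and secret == DEV_PLACEHOLDER:
        return False
    if not header or not header.startswith("sha256="):
        return False
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header[len("sha256="):])


if __name__ == "__main__":
    # Constructed sample payload and secret.
    body = b'{"action": "opened", "number": 42}'
    secret = "example-webhook-secret"
    print(verify_signature(secret, body, sign_body(secret, body)))   # True
    print(verify_signature(secret, body + b" ", sign_body(secret, body)))  # False
```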
- No secrets are stored in `config.toml`. All credentials are read from environment variables at runtime.
- Never commit `.env` to source control. `.env` is in `.gitignore`.
- In production, use a secrets manager (AWS Secrets Manager, HashiCorp Vault, etc.) to inject environment variables rather than a `.env` file.
- The bootstrap endpoint (`POST /v1/workspaces`) should be restricted to trusted networks and disabled with `WORKSPACE_CREATION_ENABLED=false` after initial setup.
- The MCP server port (default `3003`) should not be exposed publicly — it is intended for local AI client connections only.
- Qdrant and Redis should not be exposed to the public internet. Bind them to `localhost` or a private network interface.
- Use a dedicated Postgres role with least-privilege permissions for the `DATABASE_URL` connection.
- Enable Postgres SSL (`sslmode=require`) in production.
- All user-supplied values are parameterized via `sqlx` — no string interpolation in SQL.
- LLM and embedding API keys (`OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, etc.) are read from environment variables and never logged or persisted to the database.
- Audit your LLM provider's data retention policies if you are processing sensitive memory content.