Admins author policy and review dashboards in the Station70 SaaS console. The console never handles credentials.
Signed policy bundles sync one way to the enforcement gateway in your VPC. Every bundle is versioned and logged with author and diff.
Agents connect to the local gateway. Credentials are encrypted under your CMK and never leave your boundary.
Each call evaluates against the synced policy chain inside your enclave. Decisions are deterministic and reproducible from the log.
Decryption is gated on PCR0 attestation against your KMS. The control plane has no decryption path.
Audit summaries flow to the console for dashboards; full logs export to your SIEM in your own storage.
Policy authoring UI, approval queue views, and audit dashboards. Holds summaries, never credentials.
One way channel shipping versioned policy bundles to the data plane. Tampering breaks the signature.
The enforcement point. Runs the enclave, evaluates policy locally, and executes downstream calls.
Decryption authority stays in your account, conditioned on your accepted PCR0 set.
Full audit stream to Splunk, Sentinel, or S3 under your encryption. The console keeps only aggregates.
The control plane cannot read credentials. It ships signed policy and receives audit summaries; decryption is gated on your KMS and your enclave.
A control plane outage does not block enforcement. The data plane evaluates its last synced chain and fails closed per call.
Policy changes are attributable: every bundle carries author, diff, and timestamp in the append only log.
This pattern fits teams that want managed policy tooling without extending the credential trust boundary beyond their VPC.
Walk through the trust model, policy design, and rollout with our security and solutions team.