Security

Kalix offers multiple levels of authentication and authorization that can be used to secure services, projects and organizations. Which levels are right for you depends greatly on your use case. The levels are complementary, and in some cases it makes sense to combine several of them.

Service level

The features for securing services that Kalix supports are:

Project level

Access to projects is managed by granting users roles. Different roles enable different capabilities when interacting with a project. To understand which roles exist and how to assign them, refer to the section Managing project users. Project membership is managed via the kalix roles commands.

To allow for scripted access to projects, Kalix supports authentication tokens. For details see Integrate with CI/CD tools.

Kalix also provides secret management for each project, typically used for passwords, login credentials, keys, etc. You can provide secrets to your services through environment variables. For details see the Manage secrets section.

Organization level

As with projects, access to organizations is managed by granting users roles that provide different capabilities. To understand which roles exist and how to assign them, consult the section Managing organization users. Organization membership is managed via the kalix organization invitations and kalix organization users commands.