Enterprise-Grade Security

This container was built with security at its core:

• Isolated HTTPS for all .local services
• mkcert-based TLS certificate automation
• Vault Integration: Load secrets without storing them in code
• Trivy Scanning: Containers scanned at runtime & in CI/CD
• IAM-Aware: Role-based policies for S3, CloudWatch, budgets
• Hardened NGINX Reverse Proxy: TLS + HTTP to HTTPS redirect
• No root processes inside containers