<<<<<<< HEAD ======= >>>>>>> e2f3a67 (Rebrand)

Enterprise-Grade Security

This container was built with security at its core:

Isolated HTTPS for all `.local` services
mkcert-based TLS certificate automation
Vault Integration: Load secrets without storing them in code
Trivy Scanning: Containers scanned at runtime & in CI/CD
IAM-Aware: Role-based policies for S3, CloudWatch, budgets
Hardened NGINX Reverse Proxy: TLS + HTTP to HTTPS redirect
No root processes inside containers

<<<<<<< HEAD ======= >>>>>>> e2f3a67 (Rebrand)