CC-I-1 — HMAC JWT secrets exposed via misconfigured config/env

Component: Cross-Cutting. Mitigations: Operator responsibility; documented risk. Action: Provide vault/secrets manager integration guidance.

| Property | Value |
|---|---|
| Section | Information Disclosure |
| Owner | operator |

Mapped Controls

| Control | Title |
|---|---|
| SID-KEY-02 | IACA Certificate Management |
| SID-OPS-03 | Backup and Recovery |

Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md