VC-T-2 — Attacker replaces software PEM key file
Component: vc Platform. Mitigations: Filesystem permissions only. Action: Use HSM mode; if software key required, use sealed-secret or vault-injected file
| Property | Value |
|---|---|
| Section | Tampering |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-KEY-02 | IACA Certificate Management |
Source: STRIDE analysis (April 2026), architecture/stride-threat-model.md