# Security This directory contains security documentation for the United Manufacturing Hub platform. ## Component Scope The UMH platform consists of two main security domains: ### umh-core (Edge Gateway Container) **Documentation**: `umh-core/deployment-security.md` Security scope: * Instance-level authentication (AUTH\_TOKEN) * Container security (non-root execution, process isolation) * Edge gateway security architecture * Protocol converter and data flow security * Network security for edge deployment * Supply chain security (vulnerability scanning, dependencies) * Industrial protocol handling (OPC UA, Modbus, S7, MQTT) ### ManagementConsole (Cloud Platform) **Documentation**: `management-console/` (separate repository) Security scope: * User authentication and multi-factor authentication (MFA) * Role-based access control (RBAC) for users * User-level audit trails and action logging * Cloud security and API protection * Session management and user permissions * Organization and team access controls ## Security Responsibility Boundary **umh-core** handles edge security - authenticating the instance, securing the container, and protecting data flows at the factory edge. **ManagementConsole** handles user security - authenticating users, controlling access, and securing the cloud platform. Together they provide defense-in-depth: instance authentication (umh-core) + user authentication (ManagementConsole) + customer infrastructure security. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.umh.app/production/security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.