ACRA Implementation Specifications

This section describes how core security and identity controls are implemented within the ACRA platform.

Where earlier documentation explains the architecture and operational model of ACRA, the pages in this section focus on specific enforcement mechanisms. Each document defines how a particular control surface operates, how policies are applied, and how the platform maintains isolation, cryptographic protection, and identity governance.

These specifications are intended for readers who need to understand how the platform enforces security properties at a technical level, including:

  • Platform engineers responsible for operating ACRA
  • Security reviewers evaluating enforcement mechanisms
  • Architects integrating applications into enclave environments

The documents in this section describe how ACRA implements security guarantees, not how to operate or configure the platform.

Specifications in This Section

Network Containment Specification

Describes the network isolation model used by ACRA. The document explains the default-deny networking model, permitted communication paths between enclaves and external systems, policy definition, and the mechanisms used to enforce network restrictions.

Platform Cryptographic and Key Management Specification

Defines how the platform manages cryptographic material and protects data. This includes secret storage, encryption at rest, encryption in transit, and the lifecycle management and rotation of keys and certificates.

Scope of Implementation Specifications

Implementation specifications focus on technical enforcement. Each document answers questions such as:

  • Where does the enforcement boundary exist?
  • Which components enforce the policy?
  • What happens if the policy is violated or unavailable?
  • How does the platform ensure behaviour remains consistent across deployments?

These pages provide the technical detail required to validate that ACRA’s security guarantees are implemented at the platform level rather than relying on application configuration.