Security & compliance
This page covers the security and compliance controls a tenant admin owns: the secrets vault, network egress policies, the skills security pipeline, data retention and erasure, PII handling, and certification tracking. Permissions and approvals — the other pillar of governance — are covered in Permissions & approvals.
Secrets vault
Agents need credentials — API tokens, service passwords, connection strings. The vault at /secrets is the one sanctioned place for them, so credentials never live in agent identities, skill code or chat history.
- Encryption at rest — every secret is encrypted with AES-256-GCM before it's stored. Secret values are write-only in the UI: once saved, they're masked and can be replaced but not read back out.
- External providers — if your organisation already runs a secrets platform, EnClaw can back the vault with HashiCorp Vault, AWS Secrets Manager or Azure Key Vault instead of local storage, so secrets stay in the system your security team already audits.
- Scoping — each secret is scoped to org, team, agent or channel level. An agent-scoped secret is invisible to every other agent; a team-scoped one serves all that team's agents. Scope as narrowly as the workflow allows.
- Rotation and expiry — secrets can carry an expiry/TTL, and rotating a value is an in-place update — agents pick up the new value on next use.
- Access auditing — secret reads and changes are recorded and visible in the audit log.
Egress policies
Egress policies at /egress-policies control where agents and sandboxed skills are allowed to make outbound network connections.
- Domain allowlists / blocklists — permit only the domains your workflows genuinely need (your JIRA host, your CRM, approved public APIs) and everything else is refused. Blocklist mode is available where you'd rather enumerate the exceptions.
- Sandbox network isolation — sandboxed executions run with networking disabled by default for higher-risk workloads. A skill only gets network access when its risk classification and your egress policy both allow it, and even then only to permitted destinations.
- Rebinding protection — EnClaw guards against DNS tricks that would let an allowed-looking hostname resolve into your internal network.
Egress rules apply at the sandbox layer of permission resolution, which means no user or agent permission can override them.
Skills security pipeline
Every custom skill submitted to your catalogue passes through a multi-stage security pipeline before any agent can run it (submission mechanics are in Custom skills):
- SBOM generation — a Software Bill of Materials listing every dependency the skill brings with it.
- Static analysis — the code is scanned for dangerous patterns and quality issues without being run.
- CVE scanning — dependencies are checked against known-vulnerability databases.
- Build verification — the skill is rebuilt to confirm the shipped artefact matches its source.
- Sandbox analysis — the skill is executed in isolation and its runtime behaviour (file access, network attempts, resource use) is observed.
- Human review — a reviewer (typically your
skills_curator) sees the results of all previous stages as pass/fail evidence and makes the final approve/reject call, with comments recorded.
Nothing skips the pipeline, and the analysis evidence stays attached to the skill so a later audit can see exactly what was reviewed and approved.
Data retention and erasure
Retention controls live at /compliance.
- Retention policies — set per scope (org, team, agent, channel) and per data type, so you can keep, say, session transcripts for 90 days but agent memory for 12 months. The org-level policy is the default; narrower scopes refine it.
- Auto-delete enforcement — expired data is purged automatically on schedule. Retention isn't advisory; once a policy is set, enforcement doesn't rely on anyone remembering to clean up.
- Legal hold — when litigation or an investigation requires it, a legal hold freezes the covered data. Held data is exempt from auto-delete (and from erasure requests) until the hold is lifted, and holds themselves are audited.
- GDPR erasure requests — a right-to-erasure workflow purges an individual's data across the platform — sessions, memories, files — as a tracked request with a recorded outcome, rather than an ad-hoc scrub.
PII detection and redaction
EnClaw detects common categories of personally identifiable information — email addresses, phone numbers, government identifiers (e.g. SSNs), credit card numbers and IP addresses — and can act on them automatically:
- Redaction in memory and transcripts — detected PII is redacted before it's persisted into agent memory or session records, so sensitive values don't accumulate in long-lived stores.
- Scanning on file upload — files entering File space can be scanned for PII per-directory, flagging sensitive content at the point of entry.
Pattern-based detection is a safety net, not a guarantee — treat it as one layer alongside retention policies and scoped access, not a licence to feed agents unfiltered sensitive data.
Certification tracking
The /compliance area also tracks your organisation's certification posture across SOC 2, ISO 27001, HIPAA, GDPR and CCPA: current status per framework, attached evidence, and compliance report generation for auditors. Status is self-attested by your organisation — EnClaw gives you the tracking and evidence management, while the certifications themselves remain between you and your auditors.
Next
- File space & storage — where per-directory PII scanning and retention meet day-to-day file handling.
- Observability & audit — the audit log that underpins everything on this page.