Secrets governance

Cybstyx Phylaxis Kleidion Vault

Secrets, keys, certificates, OTP seeds, adapter secrets, and approval-bound vault operations. The product is positioned as a client-controlled security engine with professional deployment, audit and integration boundaries.

Core responsibility

What this product is built to handle.

Secrets, certificates, key lifecycle and approval-bound vaulting:

  • Secret and certificate vault
  • Key lifecycle and rotation
  • Approval matrix and break-glass
  • Access audit and sealed exports
  • Backup and restore controls

Deployment and control model

Roles: Super Admin, Vault Admin, Secret Custodian, Approver, Auditor, Service Account

Authentication: Local RBAC with MFA; optional Eidon SSO; signed service account access for controlled secret retrieval.

Linked with: Optional Unified Cyber Security Command Center adapter, Nomion, Eidon, and product secret consumers such as Pteron, Orama, Phylax, Keraunix, and Chronyx.

Boundary: No product should hard-fail if Kleidion is offline unless that workflow explicitly needs live secret retrieval.

Cybstyx model

Standalone product, optional ecosystem connection

The product should be strong alone first. Integration improves visibility and coordination, but it must not become an uncontrolled dependency.

Local operation

Client-controlled runtime

The product retains its own local configuration, audit trail, licence state and operational workflow.

SecOwl visibility

Command-center option

SecOwl can receive approved events and show posture or evidence if the client enables the adapter.

Peer-product use

Bounded integration

Products may connect to identity, evidence, licence, secrets or timeline services when policy allows.

Audit safety

Every action has context

Administrative changes, service events and proof exports should remain auditable.