Container
Distroless base. Non-root user. Read-only filesystem where possible. Regular vuln scan (Trivy).
Advertisement
Network
VPC isolation. Egress allowlist. TLS everywhere. Private endpoints for LLM APIs.
Advertisement
Secrets
Vault + workload identity. Never in env. Rotate frequent.
Monitoring
Metrics (cost, latency, error). Logs (audit + debug). Traces (distributed).