Container

Distroless base. Non-root user. Read-only filesystem where possible. Regular vuln scan (Trivy).

Advertisement

Network

VPC isolation. Egress allowlist. TLS everywhere. Private endpoints for LLM APIs.

Advertisement

Secrets

Vault + workload identity. Never in env. Rotate frequent.

Monitoring

Metrics (cost, latency, error). Logs (audit + debug). Traces (distributed).