This only applies to the Narval Managed Cloud. If deploying the Armory Stack in a self-hosted environment, you are responsible for securing the system.

We utilize multiple strategies at various layers of the software & hardware stack to ensure a highly-secure operating environment.

  • Nitro Enclaves: Use confidential compute to protect secrets at runtime & attest to the actual code running on the server.

  • MPC: Use distributed key generation and signing so sensitive keys never live in one place and no single point of failure.

  • Digital Signatures: All sensitive data and requests are signed to guarantee authenticity and provide non-repudiation of requests.

  • Encryption: Data is encrypted at rest & transit, decrypted within Enclaves.

  • Automation: Infrastructure is fully automated with Terraform, deployments are fully managed in CI/CD using GitOps methodology.

Policy Engine


If policy or data sets are altered, malicious access could be granted.


  • Policy & data sets are signed. The auth engine verifies integrity before processing.

  • Data, signature, and verifying public key are hosted separately.

If the policy engine logic is altered, policy rules can be bypassed.


  • Build policy logic around Rego, a declarative policy-as-code language.

  • Audit & open-source the Policy Engine [coming soon]

  • Run the Policy Engine in Nitro Enclaves, attesting the software running.

If the keys used to sign the evaluation decision are compromised, tokens can be forged


  • Use MPC TSS (threshold signing) to sign access tokens.

  • Run the Policy Engine as part of a 3/3 MPC signing scheme. All 3 engine nodes must evaluate the same decision in order to complete the signature. Keyshares are generated and stored encrypted within the enclaves.

A compromised access token can be used by a malicious party


  • Access tokens are client-bound, referencing the client's credential.

  • All HTTP requests are signed by the client, proving authenticity & non-repudiation of the request.

Last updated