OTA-Pulse

Security

OTA-Pulse is built security-first — signed firmware, strict access control, encrypted transport, and a full audit trail from build to device installation.

Artifact signing

Every firmware artifact is cryptographically signed before deployment. OTA-Pulse supports RSA-4096 with PSS padding and SHA-256 and ECDSA-P384 with SHA-384 — both verified by the open-source cryptography library.

Public keys are embedded into device images at build time (read-only filesystem). Private keys are generated on the server and stored in your HSM or vault — they never touch the device. The device verifies the signature before installation; any tampered artifact is rejected, deleted, and reported back to the server.

Artifact signing deep-dive →

Access control

Organizations are the primary tenancy boundary — all resources (devices, deployments, signing keys) are scoped to an org. Within each org, four roles enforce least-privilege access: Owner, Admin, Member, and Viewer.

API keys can be issued with narrowed scopes for CI pipelines and automation. Public self-registration is disabled by default; admins invite users through the console or admin API.

RBAC reference →

Transport security

All production traffic uses HTTPS-only endpoints. Devices communicate with the server over TLS; plain-HTTP connections are not accepted in production deployments.

CORS origins are configured per deployment — only the listed dashboard origins are accepted by the API server. Cross-origin requests from unlisted origins are rejected at the framework layer before reaching any handler.

Audit logging

Every significant action — deployment created, device decommissioned, signing key revoked, role changed, signature verification attempt — is recorded in an append-only audit log with actor identity and timestamp.

Logs are available via the REST API and the console audit view, and can be exported for SIEM ingestion. Device-side security events (verification failures, lockdowns) are reported back to the server and appear in the same log stream.

Device lifecycle →

Compliance

SOC 2 Type II — in progress. We are actively working toward SOC 2 Type II certification; this work is not yet complete.

Other compliance frameworks (HIPAA, ISO 27001) are on the roadmap. Contact us at security@ota-pulse.com for current compliance status and questionnaire support.

Responsible disclosure

Found a vulnerability? We take security reports seriously and respond within 1 business day.

Please email security@ota-pulse.com with a description of the issue and steps to reproduce. We publish credit for confirmed reports and aim to ship a fix or mitigation within 90 days of confirmation.

Get started in 5 minutes.

Register your first device, push a firmware update, and watch it land — without touching a serial console.

Open source agent · Self-host or cloud · No vendor lock-in