TLE2E EncryptionTenantLevel
TLE2E EncryptionTenantLevelClassified operations console

Tenant-level end-to-end encryption, presented like an ops desk instead of a SaaS brochure.

Sign in with a browser session that stays in an httpOnly cookie. Register new operators, bootstrap tenants, and reveal one-time secrets inside dedicated pages built for regulated workflows.

Sign inRegisterBootstrap tenant

Identity

Cookie-backed session state with claims decoded server-side.

Bootstrap

One-time licence and acting secrets only appear in a dedicated reveal page.

Control plane

Tenant, role, policy, and key surfaces stay tenant-scoped and audited.

Operational stance

Security first. Noise last.

Tenant-scoped

Auth

JWT claims live server-side; the browser only sees the cookie-backed session.

Secrets

Licence and acting keys are shown once in a dedicated reveal page and then cleared.

Runtime

The control plane and data plane stay separated through the local BFF proxy layer.

Bootstrap sequence
1. Create tenant
2. Save acting and licence secrets
3. Provision infrastructure
4. Track onboarding until green