> ## Documentation Index
> Fetch the complete documentation index at: https://docs.strata.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

The Maverics Orchestrator sits at the center of your identity infrastructure -- handling authentication tokens, user attributes, client secrets, and session data on every request. That makes it a critical piece of your security posture. These guides walk you through the four pillars of securing your Maverics deployment so that sensitive data stays protected in transit, at rest, and under audit.

The four pillars are: **TLS** for encrypting connections between clients, the Orchestrator, and your upstream applications; **secrets management** for keeping credentials out of config files by integrating with external vaults; **authorization policies** for controlling who can access what through multiple access control models -- roles, attributes, policies, and external policy decision points; and **compliance** for audit logging and regulatory reporting. Work through them in any order -- each guide stands on its own.

## Guides

<CardGroup cols={2}>
  <Card title="Configure TLS" icon="lock" href="/guides/security/tls">
    Define named TLS profiles, bind them to the HTTP listener with http.tls, and configure backend TLS for upstream connections
  </Card>

  <Card title="Manage Secrets" icon="vault" href="/guides/security/secrets-management">
    Configure secret providers via environment variables and CLI flags -- HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, and more with namespace.key references
  </Card>

  <Card title="Authorization Policies" icon="shield-check" href="/guides/security/policies">
    Define authentication policies with idps, nested and/or authorization rules, and OPA policies for flexible access control across RBAC, ABAC, PBAC, and external PDP models
  </Card>

  <Card title="Compliance and Audit" icon="clipboard-check" href="/guides/security/compliance">
    Configure security features for SOC2, HIPAA, and GDPR compliance -- TLS, secrets, policies, logging, and session management checklist
  </Card>
</CardGroup>

## Related Pages

<CardGroup cols={2}>
  <Card title="Transport Layer Security (TLS)" icon="file-code" href="/reference/orchestrator/tls-security">
    Complete configuration reference for TLS certificates, HTTPS listeners, and security settings
  </Card>

  <Card title="Secret Providers Reference" icon="key" href="/reference/orchestrator/configuration/secret-providers">
    Detailed configuration for each supported secret provider -- Vault, AWS, Azure, Delinea, and environment variables
  </Card>

  <Card title="Operations Guides" icon="gears" href="/guides/operations/overview">
    Deploy, monitor, and scale the Orchestrator in production environments
  </Card>

  <Card title="Authentication Guides" icon="right-to-bracket" href="/guides/authentication/overview">
    Configure SSO, SAML federation, and identity provider migration
  </Card>
</CardGroup>
