Security

Requesting Access

Standard k8s vcluster (usdf-embargo-dmz) and Vault access.

Service accounts

The ingest account is used for embargo and main Butler Registry database access in order to distinguish this service from other users of the Registry databases.

Security Incident Response

Since there is no external access, no incidents are expected.

Security Policies

The application processes data in the Embargo Rack, but it generally does not access pixel data (only if the JSON sidecar file is not present).