Monolit Security
Last updated: March 2026
Monolit is designed around a simple principle: your digital environment should remain under your control. Monolit.Cloud acts as the security and synchronization layer for the Monolit ecosystem.
Security Philosophy
Security is implemented through a combination of device-aware authentication, session management, secrets protection, auditability, and secure communication. We design the platform assuming that devices may be compromised, networks may be hostile, and attackers may attempt unauthorized access.
Device Trust Model
Each device connected to Monolit is registered and tracked. The information recorded for each device includes its device identifier, device name, operating system, application version, trust level, and activity timestamps. Users can revoke devices, terminate sessions, and review activity logs.
Authentication
Authentication is handled through Monolit.Cloud. Security features include token-based sessions, refresh token rotation, device registration, and recent authentication checks for sensitive operations.
Secrets Protection
Sensitive credentials are handled through a secure vault layer. Examples include OAuth tokens, IMAP or SMTP credentials, and API keys. Secrets are stored securely and access is restricted to authenticated sessions.
Encryption
All communication with Monolit services is protected using TLS. Sensitive data may also be encrypted at rest depending on infrastructure configuration.
Security Logging
Security-relevant events are recorded, including login attempts, device registration, session creation, session revocation, and sensitive actions. This supports operational monitoring and incident investigation.
Responsible Disclosure
If you discover a security issue, contact security@monolit.cloud. We appreciate responsible disclosure and investigate reports promptly.