Railbase
GPTClaude

How Railbase Is Secured

The security model behind Railbase — signed modules, encryption at rest, tenant isolation, and a boundary you control.

Updated

Your server is the security boundary

Railbase is self-hosted. The core is a single free binary; your data lives in one Vault file on a machine you control. Nothing runs on someone else's cloud, and railbase.app only handles the catalog, licenses, and signed artifacts — never your business data. That means the trust boundary is your own infrastructure, managed with simple self-hosting: one binary, one file, and works with your IT partner if you have one. There's no shared multi-tenant SaaS holding your records.

Business modules are signed and verified before they run

Every business module you install from the marketplace ships as a bundle that is hashed with SHA-256 and signed with Ed25519. Before your instance runs a bundle, it verifies that signature against a pinned set of vendor keys. If the signature or hash doesn't match, the code is not executed. In practice this means there is no third-party binary to vet, no untrusted sideload, and no way for tampered or substituted code to slip in — the module either verifies against a key you trust, or it doesn't run at all.

Encryption at rest

Module bundles are encrypted at rest inside the core. A module's licence gate lives at the execution point, so unpaid, expired, or revoked code is never decrypted in the first place. Your instance only decrypts and runs what it has both verified and is licensed to use.

Tenant isolation and RBAC in the core

Multi-tenancy and role-based access control are built into the core, not bolted on per module. Every collection, API endpoint, and business module is tenant-scoped: data is stamped and queried by tenant, so one company's records stay walled off from another's. RBAC governs who can see and do what, and modules consume that same access layer through mediated host capabilities rather than reaching into internals. A module can only touch data the platform hands it, under the tenant and permissions in force.

FAQ

Is any of my business data sent to railbase.app?

No. railbase.app serves the catalog, issues licences, and hosts signed artifacts. Your operational data stays in your own Vault file on your own server.

Can a business module run code you haven't approved?

No. Each bundle must verify against a pinned vendor key before it executes, and it's decrypted only when licensed. Unverified or unlicensed code never runs.

What certifications does Railbase carry?

We describe the technical controls honestly rather than claim certifications we don't hold. For the engineering detail, see the pages below.

For the deeper technical model, read security and how business modules work. When you're ready, browse business modules or plan an implementation.

Was this page helpful?Thanks for your feedback!