--- type: doc name: security description: Security policies, authentication, secrets management, and compliance requirements category: security generated: 2026-04-29 status: active scaffoldVersion: "2.0.0" --- # Security & Compliance Notes ## Authentication & Authorization The application uses JWT (JSON Web Tokens) for authentication. - The `AuthModule` handles user login (`AuthLoginComponent`). - An `AuthGuard` is implemented to protect specific routes, ensuring that unauthenticated users are redirected to the login page. - Role-based access control (RBAC) is implemented via `PermissionUser` components and specific guards. ## Secrets & Sensitive Data - Environment variables (`src/environments/`) contain API endpoints. - Avoid hardcoding tokens or sensitive keys directly into the source code. - JWT tokens are stored in `localStorage` or `sessionStorage` and attached to outgoing requests via an HttpInterceptor. ## Cross-References - [Architecture](./architecture.md)