Local Deep Research ingests external sources, extracts content, and stores research context locally with SQLCipher encryption. Hardening should focus on ingestion trust, storage encryption, and outbound network controls.
¶ 1) Encryption and Data Protection
- AES-256 encryption for all user databases via SQLCipher (the same library used by Signal)
- Per-user isolated databases - Each user gets their own encrypted database
- Zero-knowledge architecture - No password recovery; even server admins cannot read user data
- Session-scoped credentials - API keys held in memory only during active sessions
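The zero-knowledge property comes from deriving the per-user database key from the login password at sign-in, so no recoverable key or password ever touches disk. A minimal sketch of the idea, assuming PBKDF2 key derivation (`derive_db_key` and the iteration count are illustrative, not the project's actual API):

```python
import hashlib
import os

def derive_db_key(password: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """Derive a 256-bit per-user database key from the login password.

    Only the salt is persisted; the key lives in memory for the session,
    so losing the password means losing the data (no recovery path).
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

salt = os.urandom(16)
key = derive_db_key("correct horse battery staple", salt)
assert len(key) == 32  # 256 bits, suitable for AES-256 / SQLCipher
```

Because only the salt is stored, a forgotten password is unrecoverable by design, even for server admins.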
# Default: SQLCipher encryption enabled (recommended)
LDR_ALLOW_UNENCRYPTED=false

# Development/testing only: set to "true" to disable encryption
LDR_ALLOW_UNENCRYPTED=true
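A startup guard can make the safe default explicit: anything other than a literal opt-in keeps encryption on. A sketch (the helper name is illustrative, not the project's actual startup code):

```python
import os

def encryption_required() -> bool:
    """Encryption stays on unless the operator explicitly opts out."""
    return os.environ.get("LDR_ALLOW_UNENCRYPTED", "false").strip().lower() != "true"

if not encryption_required():
    print("WARNING: running with unencrypted databases (dev/test only)")
```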
- Restrict filesystem permissions to the service account only
- Separate workspaces for sensitive and public research projects
- Back up encrypted data and validate restore procedures
- Disable or scrub core dumps so they cannot capture sensitive data
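The filesystem-permission item above can be enforced with a startup check. A sketch assuming a POSIX host (`check_private` is an illustrative helper, not the project's API):

```python
import os
import stat
import tempfile

def check_private(path: str) -> bool:
    """True when group/other have no access, i.e. only the service account."""
    mode = os.stat(path).st_mode
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0

# Example: a data directory locked down to the owning account
data_dir = tempfile.mkdtemp()
os.chmod(data_dir, 0o700)
assert check_private(data_dir)
```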
¶ 2) Ingestion and Source Controls
- Allow only approved source providers and APIs
- Validate and sanitize imported documents before indexing
- Limit maximum upload size and extraction runtime to reduce abuse
- Isolate OCR/PDF extraction workers from core services
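The size and type limits above can be enforced before a document ever reaches an extraction worker. A sketch with illustrative limits and an illustrative extension allowlist:

```python
import os.path

MAX_UPLOAD_BYTES = 50 * 1024 * 1024                    # example limit, tune per deployment
ALLOWED_EXTENSIONS = {".pdf", ".txt", ".md", ".html"}  # illustrative allowlist

def validate_upload(filename: str, size_bytes: int) -> None:
    """Reject an upload before it is handed to the extraction workers."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"file type not allowed: {ext or '(none)'}")
    if size_bytes > MAX_UPLOAD_BYTES:
        raise ValueError("upload exceeds size limit")
```

Pairing this with a hard wall-clock timeout on the extraction process itself caps the damage a malicious document can do.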
- Configure approved search engines:
- Academic: arXiv, PubMed, Semantic Scholar
- General: Wikipedia, SearXNG (self-hosted)
- Technical: GitHub, Elasticsearch
- Premium: Tavily, Google (SerpAPI), Brave Search
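An allowlist check keeps retrieval confined to the approved engines. A sketch (the engine identifiers are illustrative labels, not the project's configuration keys):

```python
APPROVED_ENGINES = {
    "arxiv", "pubmed", "semantic_scholar",  # academic
    "wikipedia", "searxng",                 # general
    "github", "elasticsearch",              # technical
    "tavily", "serpapi", "brave",           # premium
}

def require_approved(engine: str) -> str:
    """Raise if a retrieval request names an engine outside the allowlist."""
    if engine.lower() not in APPROVED_ENGINES:
        raise ValueError(f"search engine not on allowlist: {engine}")
    return engine.lower()
```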
¶ 3) Secure Model and Search Credentials
- Store provider/API credentials in secret management
- Restrict outbound egress to required endpoints only
- Log connector and retrieval operations for incident review
- Patch dependencies used for parsing and retrieval quickly
- Rotate API keys periodically
networks:
  ldr-network:
    driver: bridge
    internal: false  # Set to true for fully isolated deployments
Allow only required outbound connections:
- Ollama: 11434/tcp (internal)
- SearXNG: 8080/tcp (internal)
- Web UI: 5000/tcp (external, behind reverse proxy)
- External APIs: 443/tcp (OpenAI, Anthropic, Google, etc.)
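Beyond firewall rules, the application layer can double-check egress against the same table before opening a connection. A sketch with an illustrative allowlist mirroring the ports above:

```python
from urllib.parse import urlparse

ALLOWED_EGRESS = {            # (hostname, port) pairs; illustrative entries
    ("api.openai.com", 443),
    ("api.anthropic.com", 443),
    ("ollama", 11434),
    ("searxng", 8080),
}

def egress_allowed(url: str) -> bool:
    """True if the URL targets an allowlisted host:port."""
    p = urlparse(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.hostname, port) in ALLOWED_EGRESS
```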
Use a reverse proxy (Nginx, Caddy, Traefik) for:
- TLS termination
- Rate limiting
- Authentication (if not using built-in auth)
- Request filtering
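Rate limiting is best done at the proxy, but a token bucket shows the underlying mechanism (capacity and refill rate are illustrative, not defaults of any proxy):

```python
import time

class TokenBucket:
    """Allow bursts up to `capacity`, refilling `rate` tokens per second."""

    def __init__(self, rate: float, capacity: int):
        self.rate, self.capacity = rate, capacity
        self.tokens, self.last = float(capacity), time.monotonic()

    def allow(self) -> bool:
        now = time.monotonic()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False
```

In Nginx the equivalent is `limit_req_zone`/`limit_req`; the bucket model is the same.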
Local Deep Research implements supply chain security measures:
- Cosign signing - Docker images are cryptographically signed
- SLSA provenance attestations - Build provenance attached to images
- SBOMs - Software Bill of Materials included with images
# Verify image signature (with cosign v2 keyless signing, verification
# also requires --certificate-identity-regexp and --certificate-oidc-issuer)
cosign verify localdeepresearch/local-deep-research:latest
# View SBOM
cosign download sbom localdeepresearch/local-deep-research:latest
¶ Security Badges and Scanning
The project uses multiple security scanning tools:
- OpenSSF Scorecard
- CodeQL
- Semgrep
- DevSkim
- Bearer
- Gitleaks
- OSV-Scanner
- OWASP ZAP
- Monitor model inference errors and latency
- Track queue depth for research jobs
- Log authentication attempts
- Review connector and retrieval operations
- Set up alerts for unusual activity
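The failed-login alert in the list above can be as simple as a sliding-window counter. A sketch (threshold and window are illustrative):

```python
from collections import deque

class FailureWindow:
    """Flag when too many auth failures land inside a sliding time window."""

    def __init__(self, threshold: int = 5, window_s: float = 300.0):
        self.threshold, self.window_s = threshold, window_s
        self.events = deque()

    def record(self, t: float) -> bool:
        """Record a failed attempt at time t (seconds); True means alert."""
        self.events.append(t)
        while self.events and t - self.events[0] > self.window_s:
            self.events.popleft()
        return len(self.events) >= self.threshold
```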
# Disable registration after initial user creation (single-user deployments)
LDR_APP_ALLOW_REGISTRATIONS=false
- Built-in user authentication with encrypted credentials
- Per-user database isolation
- Session-based authentication with CSRF protection
- Keyboard shortcuts for sensitive operations (ESC to cancel)
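Session-based CSRF protection typically binds a token to the session via an HMAC over a server-side secret. A sketch of that pattern (not the project's actual implementation; the secret here is generated per process for illustration):

```python
import hashlib
import hmac
import secrets

SESSION_SECRET = secrets.token_bytes(32)  # illustrative per-deployment secret

def csrf_token(session_id: str) -> str:
    """Token a form must echo back; derived from, not stored with, the session."""
    return hmac.new(SESSION_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_valid(session_id: str, token: str) -> bool:
    """Constant-time comparison avoids timing side channels."""
    return hmac.compare_digest(csrf_token(session_id), token)
```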
- Local Deep Research repository: https://github.com/LearningCircuit/local-deep-research
- Security policy: https://github.com/LearningCircuit/local-deep-research/blob/main/SECURITY.md
- CodeQL guide: https://github.com/LearningCircuit/local-deep-research/blob/main/docs/security/CODEQL_GUIDE.md