Onyx connects enterprise knowledge sources to LLM chat and agents. Security hardening should prioritize connector permissions, document-level access control, and secret governance.
¶ 1. Enforce Strict Identity and RBAC
- Integrate SSO (OIDC, SAML, or OAuth2) for centralized identity management
- Map user groups to least-privilege roles in Onyx
- Enforce MFA for privileged identities in the upstream IdP
- Review service account access periodically
| Role |
Permissions |
| Basic User |
Chat, search, personal connectors |
| Curator |
Manage connectors, approve content sources |
| Admin |
Full system access, user management, settings |
- Restrict admin and connector-management permissions to named individuals
- Implement just-in-time (JIT) access for elevated privileges
- Document all role assignments and review quarterly
¶ 2. Harden Connectors and Content Retrieval
- Grant read-only, scoped permissions for each knowledge connector
- Separate high-sensitivity connectors from general-purpose workspaces
- Validate document-level permission sync behavior before production use
- Restrict connector polling endpoints with network policies
| Connector Type |
Security Considerations |
| Google Drive |
Use service accounts with domain-wide delegation, limit scopes |
| Confluence |
Use API tokens, restrict to specific spaces |
| Slack |
Use bot tokens with minimal scopes, limit channels |
| SharePoint |
Use app-only permissions, restrict to specific sites |
| GitHub/GitLab |
Use read-only tokens, limit to specific repos |
- Enable document-level permission mirroring from source systems
- Test permission inheritance before rolling to production
- Schedule regular permission sync intervals (default: hourly)
- Log and audit permission changes
¶ 3. Secure LLM and Infrastructure Dependencies
- Store model provider keys in secret managers (HashiCorp Vault, AWS Secrets Manager)
- Rotate API keys on a defined schedule (90 days recommended)
- Use private endpoints where available (Azure Private Link, VPC endpoints)
- Monitor token usage for anomalies
# Keep Postgres, Redis, and Vespa private (no exposed ports)
# Use Docker internal networking
networks:
onyx-internal:
internal: true
- Never expose database ports to the public internet
- Use strong passwords (minimum 32 characters)
- Enable PostgreSQL SSL/TLS for connections
- Restrict Redis to password authentication only
- Keep Vespa services on internal networks only
- Monitor disk usage (Vespa fails at 75% capacity)
- Back up index configurations separately from data
- Document reindexing procedures for disaster recovery
- Enforce HTTPS for all UI and API endpoints
- Use Let’s Encrypt or enterprise CA for certificates
- Enable HSTS (HTTP Strict Transport Security)
- Configure TLS 1.2 minimum, prefer TLS 1.3
# Example security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Content-Security-Policy "default-src 'self'" always;
| Network Zone |
Services |
| DMZ |
Nginx reverse proxy only |
| Application |
API server, web server, model servers |
| Data |
PostgreSQL, Vespa, Redis (internal only) |
¶ 5. Audit and Monitoring
Enable logging for:
- Connector sync operations
- Permission changes
- Admin actions
- Authentication events
- API access logs
| Metric |
Threshold |
Action |
| Disk usage (Vespa) |
>70% |
Alert, plan capacity expansion |
| API latency |
>2s |
Investigate model server performance |
| Queue depth |
>100 pending |
Scale background workers |
| Failed auth attempts |
>10/min |
Investigate potential attack |
- Retain logs for minimum 90 days (compliance dependent)
- Export logs to centralized SIEM
- Enable tamper-evident logging
- Document incident response procedures
| Secret |
Storage |
Rotation |
| Database password |
Secret manager |
90 days |
| AUTH_SECRET |
Secret manager |
180 days |
| LLM API keys |
Secret manager |
90 days |
| Connector tokens |
Secret manager |
Per connector policy |
| TLS certificates |
Cert manager |
Auto-renew |
- Generate new secret in secret manager
- Update Docker Compose environment variables
- Restart affected services
- Verify functionality
- Revoke old secret after confirmation
| Component |
Update Frequency |
| Onyx application |
Monthly or security advisory |
| PostgreSQL |
Quarterly (follow LTS releases) |
| Vespa |
Monthly |
| Redis |
Quarterly |
| Nginx |
Monthly (security patches) |
| Base OS |
Monthly security updates |
- Review release notes for breaking changes
- Test in staging environment
- Back up databases and volumes
- Apply updates during maintenance window
- Verify all services healthy post-update
- Onyx deployment docs: https://docs.onyx.app/deployment/getting_started/quickstart
- Onyx source repository: https://github.com/onyx-dot-app/onyx
- Vespa security guide: https://docs.vespa.ai/en/operations/security.html
- PostgreSQL security: https://www.postgresql.org/docs/current/security.html
Any questions?
Feel free to contact us. Find all contact information on our contact page.