
Isolation & support access

Your environment is isolated. Your devices, groups, rollouts, artifacts, incidents, and audit trail are yours alone — isolation is enforced by the platform, not left to convention, and is verified by tests so a regression is caught rather than discovered.

Identity is bound to the certificate

A device's identity comes from its verified mutual-TLS certificate, never from the request body, so a device can only ever act as itself. See Device identity for how that identity is structured and proven.
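The rule above, as an added example (not Meshanics code): a handler takes tenant and device from the verified client certificate and refuses a request whose body claims a different device. The SAN URI layout, the `device_id` and `status` body fields, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed SAN URI layout, for this example only:
#   urn:example:tenant:<tenant>:device:<device>
PREFIX = "urn:example:tenant:"

class IdentityError(Exception):
    pass

@dataclass(frozen=True)
class DeviceIdentity:
    tenant: str
    device: str

def identity_from_peer_cert(peer_cert):
    """peer_cert: dict from ssl.SSLSocket.getpeercert() on a socket that
    required client certs; it is empty or None when no cert was verified."""
    if not peer_cert:
        raise IdentityError("no verified client certificate")
    uris = [value for kind, value in peer_cert.get("subjectAltName", ())
            if kind == "URI" and value.startswith(PREFIX)]
    if len(uris) != 1:
        raise IdentityError("expected exactly one identity URI")
    parts = uris[0][len(PREFIX):].split(":")
    if len(parts) != 3 or parts[1] != "device" or not parts[0] or not parts[2]:
        raise IdentityError("malformed identity URI")
    return DeviceIdentity(tenant=parts[0], device=parts[2])

def handle_status_report(peer_cert, body, store):
    """Record a status report under the certificate's tenant and device."""
    ident = identity_from_peer_cert(peer_cert)
    # An identity field in the body is never used for routing; if present
    # and different from the certificate, the request is refused.
    claimed = body.get("device_id")
    if claimed is not None and claimed != ident.device:
        raise IdentityError("body device_id does not match certificate")
    store.setdefault(ident.tenant, {})[ident.device] = body.get("status")
    return ident

# Constructed sample input (not real certificates or device names).
CERT_PUMP_01 = {"subjectAltName": (("URI", "urn:example:tenant:acme:device:pump-01"),)}

if __name__ == "__main__":
    store = {}
    print(handle_status_report(CERT_PUMP_01, {"status": "ok"}, store), store)
    try:
        handle_status_report(CERT_PUMP_01, {"device_id": "pump-02", "status": "x"}, store)
    except IdentityError as exc:
        print("rejected:", exc)
```

Because the store is keyed by the certificate's tenant first, a write can only land in the caller's own tenant partition, whatever the body says.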

Your signing scope is your own

Your update-signing authority is isolated. A compromise of one party's signing material cannot push artifacts into your fleet — and combined with the verify-before-apply model, that isolation holds across both the control plane and the supply chain. The broader trust model is covered in Zero trust and The Update Framework.

You control support access

Whether Meshanics support may operate in your environment is a grant you control, and every change to it is written to your audit log — a clear record of when support could and could not act. That matters for regulated and air-gap-sensitive deployments, where being able to show exactly who had access, and when, is part of the evidence.