From prodsec-skills
Enforces authenticated and authorized access to model registry storage with RBAC, encryption, access logging, and network isolation controls.
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills
Slash command
/prodsec-skills:model-registry-secure-storage
Only authenticated and authorized users MUST be able to access the storage where models are stored. Unauthorized access to model storage can lead to model theft, tampering, or injection of malicious models.
| Control | Description |
|---|---|
| Authentication | All access to storage requires authenticated identity |
| Authorization | RBAC controls over read, write, and delete operations |
| Encryption at rest | Model files encrypted on the storage backend |
| Access logging | All storage access operations logged |
| Network isolation | Storage accessible only from authorized networks/services |

| Role | Read Models | Write/Upload | Delete | Admin |
|---|---|---|---|---|
| Inference engine (service) | Yes | No | No | No |
| ML engineer | Yes | Yes (with approval) | No | No |
| Model pipeline (CI/CD) | Yes | Yes | No | No |
| Registry admin | Yes | Yes | Yes | Yes |
| Unauthorized | No | No | No | No |