> ## Documentation Index
> Fetch the complete documentation index at: https://support.lilt.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Encryption And Access Control

## Encryption and Encoding

### Database

The application database is configured to use the *AES-128* encryption algorithm in ECB (Electronic Codebook) mode.

### Storage

The data is stored using the openebs-localpath PVC storage class, leveraging the default Linux-enabled encryption set up within the customer’s infrastructure (by customer’s sysadmin). If AWS is used for storage, the app is compatible with buckets encrypted using AWS KMS.

### Kubernetes

*Istio* STRICT mode enables end-to-end encryption in Kubernetes clusters by using mutual TLS (mTLS) for secure service-to-service communication.

Kubernetes secrets are stored in etcd in a *base64-encoded* format.

### Application

User passwords in the application are hashed using *bcrypt*.

## Access Control

### Application

#### Organizations

Organizations represent the highest granularity multi-tenancy. Users in separate organizations do not share translation data, user accounts or other project information.

#### Role-Based Access Control & Domains

Within an organization, LILT manages application access through role-based access control. For more information, visit our public article [/kb/role-based-access-control](/kb/role-based-access-control) .

[LILT Domains](/kb/lilt-domains) allows organizations to segment their workflows by assigning resources—such as users, models, and preferences—to specific domains.

### Services

Application access to backend services is managed through *Kubernetes* service accounts and secrets. These details can be configured during the application setup.