Security
Multi-layer authentication & access control
0 critical/0 warning
Authentication Layers
Layer 1
Cloudflare Access
Email OTP
shawny-maskit.cloudflareaccess.com
Layer 2
JWT ES256
Self-issued, WebCrypto
15min access / 7d refresh
Layer 3
TOTP RFC 6238
Authy/1Password compatible
ntfy push notification
Layer 4
Rate Limiting
KV-based, per-IP
10 req/min default
API Endpoint Status
| Endpoint | Method | Protection | Status |
|---|---|---|---|
| /api/auth/setup | POST | master key protected | |
| /api/auth/request | POST | rate limited | |
| /api/auth/verify | POST | TOTP + rate limited | |
| /api/auth/refresh | POST | refresh token | |
| /api/auth/revoke | POST | Bearer JWT |
Vault Entries11 items
cloudflare
API Token
active
2026-03-05
cloudflare-access
Service Token
active
2026-03-06
cloudflare-zone
Zone ID
active
2026-03-05
jwt-private-key
ES256 Private Key
active
2026-03-07
totp-secret
TOTP Seed
active
2026-03-07
ntfy-topic
Push Token
active
2026-03-07
cf-account-id
Account ID
active
2026-03-05
gdrive-service-account
Service Account JSON
active
2026-03-06
tailscale-auth-key
Auth Key
active
2026-03-04
imessage-rpc-secret
HMAC Secret
active
2026-03-06
master-key
Master Key
active
2026-03-07
Recent Auth Events
TOTP verified
1Password · 100.64.x.x
OTP requested
CF Access · 100.64.x.x
Token refreshed
JWT · 100.64.x.x
Rate limit hit
KV limiter · 203.0.x.x
Auth attempt
CF Access · 203.0.x.x
Token refreshed
JWT · 100.64.x.x