UX
ERPUXBack

Security Architecture

How ERPUX keeps your Oracle data secure. Designed for a 10-minute CISO review.

Architecture Overview

ERPUX is a UI-only layer. It renders data but never stores it. All queries flow directly to your Oracle ERP Cloud instance via Oracle REST APIs.

Browser
ERPUX (UI Only)
Oracle REST APIs

No data is stored at the ERPUX layer. All responses are streamed directly from Oracle to the browser.

Zero Transactional Data Storage

ERPUX never stores your ERP data. Every query is executed in real-time against your Oracle instance. Results are rendered in the browser and discarded when the session ends.

  • No caching of financial data, PII, or transactional records
  • No database tables for customer ERP data
  • No server-side session storage of query results
  • What we store: tenant configuration, user preferences (favorites, recent reports), and encrypted credential references

Authentication

ERPUX uses bidirectional JWT authentication with RS256 signing. No passwords are stored or transmitted.

Inbound (Oracle to ERPUX)

Oracle sends a signed JWT via Page Integration (Secure Destination). ERPUX verifies the token using Oracle's public certificate. Token contains user identity, roles, and data security context.

Outbound (ERPUX to Oracle)

ERPUX creates a JWT signed with the customer-specific private key, asserting the authenticated user. Oracle validates this token and executes API calls as that user, enforcing all security policies.

  • RS256 (RSA + SHA-256) signing algorithm
  • X.509 self-signed certificates — no passwords stored or transmitted
  • 30-minute token expiry with automatic refresh
  • Each customer tenant uses its own dedicated certificate pair

Oracle Security Enforced

ERPUX does not implement its own authorization layer. All data access is controlled by Oracle.

  • Oracle roles determine which menus and features a user can access
  • Data access sets control which ledgers, business units, and segments a user can see
  • Business unit security restricts transactional data to authorized organizations
  • API calls execute as the authenticated user — ERPUX cannot elevate privileges
  • If a user cannot see data in Oracle, they cannot see it in ERPUX

Credential & Certificate Management

Customer JWT private keys and service credentials are stored in a cloud-managed, HSM-backed secret vault — never in application databases or source code.

How it works

When a customer connects their Oracle instance, the JWT private key is encrypted and stored in a dedicated cloud vault backed by hardware security modules (HSMs). ERPUX retrieves the key at runtime to sign outbound JWT tokens, and discards it from memory after use. The application database only stores a vault reference — never the key itself.

  • HSM-backed cloud vault — private keys never stored in application databases
  • AES-256-GCM encryption at rest with provider-managed key rotation
  • IAM-controlled access — only the application service identity can retrieve secrets
  • Full audit trail on every secret access, rotation, and deletion
  • Per-tenant key isolation — each customer's credentials are stored independently
  • Customer-owned vault option available for enterprises requiring on-premise key storage
  • End users never need or see admin credentials or private keys

Encryption

All data is encrypted in transit and at rest across every layer of the platform.

  • TLS 1.3 enforced on all connections — browser to ERPUX, ERPUX to Oracle
  • HTTPS only — no HTTP fallback, HSTS headers enforced
  • AES-256-GCM encryption at rest for all stored configuration data
  • Database connections encrypted in transit with certificate verification
  • Automatic TLS certificate rotation managed by the hosting platform

Hosting & Infrastructure

ERPUX runs on a serverless, globally distributed edge network. There are no servers to manage, patch, or secure — reducing attack surface to near zero.

  • Serverless architecture — no SSH access, no OS-level attack surface
  • Global edge network with automatic DDoS protection
  • Auto-scaling with zero infrastructure management
  • Isolated execution environments — no shared compute between tenants
  • Configuration database hosted on managed, encrypted serverless PostgreSQL
  • 99.5% uptime SLA with automated failover

Compliance

Because ERPUX stores no customer ERP data, your existing Oracle compliance certifications cover your data at rest and in transit. Our infrastructure providers maintain independent SOC 2 and ISO 27001 certifications.

  • Inherits Oracle's SOC 2 Type 2 and ISO 27001 certifications for ERP data
  • Infrastructure and vault providers independently SOC 2 Type 2 and ISO 27001 certified
  • No PII stored beyond contact information (name, email)
  • All Oracle audit trails preserved — ERPUX does not bypass Oracle logging
  • Platform audit log tracks all administrative actions, credential access, and configuration changes

Have security questions? We're happy to walk your security team through the architecture.

Contact Us