Skip to content

Trust Center Admin

Path: /trust-center-admin

Trust Center Admin

Configure the public Trust Center portal that prospects and customers can access to view your security posture.

Configuration Options

  • Branding — Logo, company name, description.
  • Sections — Toggle visibility of certifications, documents, and compliance status.
  • Certifications — Add SOC 2, ISO 27001, and other certifications with dates.
  • Documents — Upload security whitepapers, policies, and questionnaire responses.
  • Access Requests — Review and approve/deny document access requests.

Public portal URL: https://your-domain/trust-center/your-org-slug

File upload

You can attach a real file to a certification or document entry instead of just a name. From the admin, upload the file and the platform stores it in object storage under an org-scoped key (trust-center/{org_id}/<uuid>-<filename>), returning a document_key that you then save onto the certification/document entry.

The upload endpoint is:

POST /orgs/{org_id}/trust-center/upload   (multipart/form-data, field: file)

Constraints enforced server-side:

  • Allowed file types: PDF, DOCX, PNG.
  • Maximum size: 50 MB.
  • Requires the org-configure permission.

A successful response returns document_key, filename, content_type, and size. Persist the document_key on the entry so the portal can resolve a download URL for it later.

NDA-gated presigned download

Whether a document is downloadable directly from the public portal depends on its NDA flag:

  • Non-NDA documents with a stored document_key get a short-lived presigned download URL generated automatically and embedded in the public portal payload — anyone viewing the Trust Center can download them.
  • NDA-gated documents never expose a download URL on the public payload. Their download_url is null until access is explicitly approved.

To obtain an NDA-gated file, a visitor submits an access request (accepting the NDA). An admin then approves it:

POST /orgs/{org_id}/trust-center/requests/{request_id}/approve

On approval the platform resolves the document key, generates a presigned download URL valid for expires_in_hours (default 168 hours / 7 days), records download_expires_at on the request, and emails the requester a link. The URL is also returned to the admin in the approve response so it can be copied directly. Approval is idempotent — a request that is not in the pending state is returned as-is without re-issuing a link. Deny marks the request denied with an optional reason and issues no link.

Object storage prerequisite (R2 / MinIO)

File upload and presigned download require an S3-compatible object store to be configured. In production this is Cloudflare R2; for local or self-hosted deployments any S3-compatible store such as MinIO works. Set these environment variables on the backend:

Variable Purpose
R2_ENDPOINT_URL S3/R2 endpoint URL (e.g. your MinIO URL, or leave blank for R2 with CF_ACCOUNT_ID).
R2_ACCESS_KEY_ID Access key ID.
R2_SECRET_ACCESS_KEY Secret access key.
R2_BUCKET_NAME Bucket name (default sovereign-evidence).
CF_ACCOUNT_ID Cloudflare account ID — used to derive the R2 endpoint when R2_ENDPOINT_URL is not set.

If object storage is not configured, upload returns 503 "Object storage is not configured. File uploads are unavailable." and the public portal simply omits download URLs (the rest of the Trust Center still renders normally).