Control Panel
Setup and Administration for the Arch Platform
Configure the Entire Platform in One Place
One Console for Every Microservice You Run
Every Microservice, One Console
The Control Panel maintains a record of every microservice in your Arch deployment and everything each one needs to operate. Access settings, database connections, protected memory configuration, and feature capabilities are entered once and stored centrally. You never manually construct or maintain separate configuration files for each service — the Control Panel owns that record and keeps it consistent.
Registration Before Deployment
Arch enforces that no service enters the platform without first being registered through the Control Panel. Registration is what grants a microservice its identity in the authorization layer. Until a service is registered, it cannot communicate with any other service in the platform — and the Control Panel is how registration happens.
Encryption Built Into Every Setting
Configuration Values Leave the Console Already Protected
No Raw Secrets in Deployment Files
When the Control Panel generates configuration values for a microservice, those values are encrypted before you ever see them. What you copy into a service definition file is already protected — not a password, not a connection string, not a key. The configuration material that reaches your deployment pipeline cannot be used directly even if intercepted.
Safe to Store, Safe to Distribute
Because the Control Panel encrypts every output value, those values are safe to store in your existing deployment tooling. You do not need a secrets manager layered on top to protect them further. The encryption is already there, applied uniformly to every setting the Control Panel produces.
Hardware Security Administration
The Console That Unseals the Platform
Guardian Unsealing
When the Application Api runs with a Hardware Security Module, it starts in a Sealed state — the Bootstrap Key is not in memory and all authorization requests are denied until an operator explicitly unseals it. The Control Panel provides the Unlock screen that authenticates against the HSM and brings the platform online. Unsealing requires the operator to be physically present with the HSM credentials; the Control Panel is the interface through which that ceremony is performed.
YubiHSM 2 Integration
The Control Panel supports the YubiHSM 2 for hardware-backed key storage. Dedicated configuration screens guide you through setting up the HSM connection and binding it to the Application Api's Guardian feature. The same interface that supports production HSM deployments also works with the HSM simulator for development — the workflow is identical regardless of environment.
Diagnose Before You Deploy
Catch Configuration Problems Before They Reach Users
Health Checks
A Health Check can be run against any registered microservice at any time. It verifies the service is reachable, properly configured, and functioning correctly before anything in the platform depends on it. Health checks are the first step after every new deployment and the first step in any troubleshooting workflow.
Configuration Diagnostics
For deeper troubleshooting, the Configuration diagnostic decrypts and compares the settings the Control Panel specified against what is actually running in the deployed container. Configuration mismatches are the most common cause of authorization failures, and this diagnostic identifies them immediately. The diagnostic is disabled by default and must be explicitly enabled on the container — it is a tool for controlled troubleshooting, not continuous monitoring.
Tech Sovereignty
Arch
Company
About Contact