> For the complete documentation index, see [llms.txt](https://docs.nuvolos.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.nuvolos.com/concepts/roles-secrets-and-identity.md). # Roles, secrets, and identity Security in Nuvolos rests on three pillars: a **role system** that controls who can do what at every level of the hierarchy, a **secrets system** that handles credentials without exposing them on the file system, and **identity providers** that verify who you are when you log in. This chapter explains how the three fit together. #### How the three layers fit together Putting the three layers together: identity providers establish *who you are*, the role system controls *what you can see and do* at each level of the hierarchy, and secrets give your running Applications *the credentials they need* without exposing those credentials on disk. This separation is what allows Nuvolos to host everything from open public datasets to confidential research projects within the same organisation, with the same UI, without those use cases interfering with each other. #### Where to go next * For the full role × capability matrix, see [Concepts › How roles are organised](/concepts/roles-secrets-and-identity/roles.md). * For administrative procedures on inviting and revoking members, see [Administration › Organisation administration](/administration/organisation-management.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.nuvolos.com/concepts/roles-secrets-and-identity.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.