> ## Documentation Index
> Fetch the complete documentation index at: https://docs-slidekit.theduomi.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security & Operations

> Self-hosting model, data boundaries, outbound calls, logging, and basic operational responsibilities.

# Security & Operations

SlideKit is designed to run inside your infrastructure. Self-hosting keeps templates, request payloads, generated files, database rows, and storage objects under your control.

Self-hosting does not remove every security responsibility. You still control network exposure, API key handling, database and storage permissions, container patching, log collection, and any optional outbound integrations.

## Data Boundary

The service handles:

* **Templates**: uploaded `.pptx` files stored in the configured storage backend. Metadata lives in PostgreSQL.
* **Generation payloads**: JSON submitted per request. Job metadata lives in PostgreSQL, and generated `.pptx` files are stored in the configured output storage backend.

Supported storage backends in the current codebase are local filesystem, GCS, and S3.

## Outbound Calls

No outbound service is required for generation. The optional Logo.dev integration can fetch company logos when `LOGO_DEV_TOKEN` is configured. Leave `LOGO_DEV_TOKEN` unset to disable that path.

With Logo.dev disabled, the application can run in an air-gapped environment if your database, storage backend, and license file are available inside that environment.

## Authentication

Protected routes use database-backed API keys. For details, see [Authentication](/guides/authentication).

## Logging

The service writes application logs to stdout/stderr for collection by your container runtime or platform logging stack. Control verbosity with `LOG_LEVEL`.

Logs are intended for request lifecycle, job status, auth outcomes, and error diagnostics. Template files and generated `.pptx` bytes are not logged.

## Operations Checklist

* Keep the API behind your private network boundary or trusted gateway.
* Store API keys, database credentials, and the Aspose license in your secret manager.
* Restrict database and storage permissions to the application runtime.
* Back up PostgreSQL and the template/generated-file storage backend together.
* Monitor `/health`, 5xx rates, generation failures, and worker restarts.
* Keep the container image and Python dependencies patched.

## Health Checks

The `/health` endpoint returns service status and is suitable for load balancer and container health probes.
