Getting Started

Stratium provides a unified control plane for ABAC authorization, entitlements management, and TDF encryption. This guide will walk you through initial setup and configuration.

Prerequisites

Before you begin, ensure you have:

  • An active Stratium account (SaaS) or deployed instance (on-prem)
  • API credentials configured in your environment
  • The Stratium CLI or SDK installed

Quick Start

# Install the Stratium CLI
npm install -g @stratium/cli

# Initialize your project
stratium init

# Configure your first policy
stratium policy create --name "default" --type abac

Policies

Stratium supports multiple policy formats to match your existing infrastructure. The policy engine evaluates access decisions in real time based on attributes, context, and organizational rules.

Supported Formats

Define policies in JSON, XACML, or OPA Rego. Stratium normalizes them into a unified evaluation pipeline.

Example: JSON Policy

{
  "name": "data-analyst-access",
  "effect": "permit",
  "subjects": { "role": "data-analyst" },
  "resources": { "type": "dataset", "classification": "internal" },
  "actions": ["read"],
  "conditions": {
    "time": { "between": ["08:00", "18:00"] }
  }
}
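The policy above as input to a default-deny evaluator. This is an added sketch, not Stratium's engine or code from this guide. Assumptions: attributes match by exact equality, the time window is [start, end) in UTC, and the helper names (evaluate, attrsMatch, toMinutes, timeOk) are hypothetical.

```javascript
// Added illustration, NOT Stratium's engine. The matching rules are assumptions.
// Constructed copy of the example policy from this page.
const policy = {
  name: 'data-analyst-access',
  effect: 'permit',
  subjects: { role: 'data-analyst' },
  resources: { type: 'dataset', classification: 'internal' },
  actions: ['read'],
  conditions: { time: { between: ['08:00', '18:00'] } },
};

// Every attribute the policy names must exist on the target and be equal.
// A missing attribute never matches, so incomplete requests are denied.
function attrsMatch(required, actual) {
  return Object.entries(required).every(
    ([k, v]) =>
      actual != null &&
      Object.prototype.hasOwnProperty.call(actual, k) &&
      actual[k] === v
  );
}

// "HH:MM" -> minutes since midnight, or NaN when the value is malformed.
function toMinutes(hhmm) {
  const m = /^([01]\d|2[0-3]):([0-5]\d)$/.exec(String(hhmm));
  return m ? Number(m[1]) * 60 + Number(m[2]) : NaN;
}

// Assumed semantics: window is [start, end) in UTC; malformed bounds deny.
function timeOk(cond, now) {
  if (!cond || !cond.time) return true; // policy carries no time condition
  const [start, end] = (cond.time.between || []).map(toMinutes);
  const t = now.getUTCHours() * 60 + now.getUTCMinutes();
  return Number.isFinite(start) && Number.isFinite(end) && t >= start && t < end;
}

// Returns 'permit' only when every clause matches; everything else is 'deny'.
function evaluate(p, req, now = new Date()) {
  const ok =
    p.effect === 'permit' &&
    attrsMatch(p.subjects, req.subject) &&
    attrsMatch(p.resources, req.resource) &&
    p.actions.includes(req.action) &&
    timeOk(p.conditions, now);
  return ok ? 'permit' : 'deny';
}
```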

Entitlements

Entitlements bind subjects to resources through attributes. They define what a subject is allowed to do in a given context — going beyond simple roles to capture fine-grained, dynamic permissions.

Creating Entitlements

stratium entitlement create \
  --subject "user:alice@example.com" \
  --resource "dataset:financial-reports" \
  --attributes '{"clearance": "confidential", "department": "finance"}' \
  --actions read,export

Encryption & TDF

The Trusted Data Format (TDF) binds encryption to policy decisions. Data encrypted with TDF can only be decrypted by subjects who satisfy the associated policy at the time of access.

Configuring Algorithms

Choose from RSA, ECC, or Kyber (ML-KEM) based on your security requirements:

stratium crypto configure \
  --algorithm kyber \
  --key-size 768 \
  --environment production

Integration

Stratium integrates with your existing identity providers, databases, and secret managers.

Supported Integrations

  • OIDC/OAuth2 — Connect your identity provider (Okta, Auth0, Azure AD)
  • Database — PostgreSQL, MySQL, MongoDB attribute stores
  • Key Management — AWS KMS, Azure Key Vault, HashiCorp Vault
  • Secrets — Environment variables, Doppler, 1Password

SDKs & Samples

Get started quickly with our client libraries and sample applications.

Go Client

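import (
    "context"
    "log"
    "os"

    stratium "github.com/stratium/sdk-go"
)

// The API key is read from the environment, not stored in source.
client := stratium.NewClient(stratium.Config{
    Endpoint: "https://api.stratium.dev",
    APIKey:   os.Getenv("STRATIUM_API_KEY"),
})

ctx := context.Background()
decision, err := client.Authorize(ctx, stratium.Request{
    Subject:  "user:alice",
    Resource: "dataset:financial",
    Action:   "read",
})
if err != nil {
    // Treat an evaluation error as a denial; never fall through to access.
    log.Fatalf("authorize: %v", err)
}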

JavaScript Client

import { Stratium } from '@stratium/sdk';

const client = new Stratium({
  endpoint: 'https://api.stratium.dev',
  apiKey: process.env.STRATIUM_API_KEY,
});

const decision = await client.authorize({
  subject: 'user:alice',
  resource: 'dataset:financial',
  action: 'read',
});