Defense in depth with Google Cloud Security controls
By building on Google’s secure foundations, including secure-by-design and Zero Trust architecture, Nexus SDV supports the heavy lifting of compliance and threat protection. To achieve this, the Nexus SDV architecture implements a comprehensive, defense-in-depth security model across six key elements:
Mutual TLS (mTLS) and public key infrastructure (PKI)
Nexus SDV relies on cryptographic trust chains to authenticate vehicles before any data exchange can occur. The infrastructure uses Google Cloud Certificate Authority Service (CAS) to manage distinct CA pools (server, factory, and registration CAs), ensuring a highly available and secure root of trust.
Specifically, the registration server enforces registration by forcing clients to present a valid “factory-issued” certificate during the initial TLS handshake, extracting and parsing the certificate directly from the connection stream to definitively prove the vehicle’s identity. During registration, the server performs Certificate Signing Request (CSR) validation sent by the vehicle before issuing a new operational certificate.
Identity and access management
The system uses identity brokering where Keycloak is deployed as the central OpenID Connect (OIDC) identity provider. Vehicles authenticate against Keycloak using their operational certificate via mTLS to receive a short-lived JSON Web Token (JWT).
For fine-grained access control, a custom NATS Auth Callout service provides dynamic subject permissions: It intercepts all messaging broker connection attempts, validates the Keycloak JWT using public JWK keys, and programmatically maps the vehicle’s roles to specific NATS subjects.
For secure service-to-service communication, it uses Workload Identity Federation so pipelines exchange GitHub OIDC tokens for temporary Google Cloud access, removing static credentials, while GKE Workload Identity allows Kubernetes Pods to access backend services like Bigtable by binding Kubernetes service accounts to Google service accounts.
Security is reinforced through restricted IAM scopes, ensuring dedicated service accounts are provisioned with minimal permissions, such as the data API being restricted only to reading from Bigtable. Using VPC-SC, Organization policy constraints and Private Service Connect (PSC) in your deployment context also helps you achieve secure foundations.
Secret management
Nexus SDV relies on centralized secret management to protect sensitive information. All sensitive configurations, database passwords, and cryptographic signing keys are generated dynamically during Terraform infrastructure provisioning and locked inside Google Cloud Secret Manager.
A secret fetching during deployment is used to avoid baking secrets into application code and container images. Instead, services pull signing keys and credentials directly into memory only at runtime, minimizing exposure both at rest and in transit.
Network isolation
To enforce network isolation, the underlying computer infrastructure is heavily shielded. Nexus SDV runs on private GKE clusters where worker nodes have no public IP addresses, preventing direct internet exposure. Additionally, the Keycloak PostgreSQL database uses Cloud SQL IAM Authentication, which allows the Cloud SQL Proxy to connect securely using IAM roles rather than relying on static database passwords or managing IP allowlists.
Secure AI Framework
Google Cloud secures these advanced AI capabilities through a comprehensive, enterprise-grade framework that prioritizes data privacy, model governance, and safe execution, based on guidance from the Secure AI Framework (SAIF). With Gemini Enterprise Agent Platform, security and governance are natively embedded into the machine-learning lifecycle through capabilities, such as dedicated Explainability and Safety controls, continuous Evaluation and Monitoring, and secure model registries.
You can learn more about how we secure AI here.
Data API
Instead of allowing downstream applications and external clients direct access to data stores like Bigtable, Nexus SDV routes data retrieval through a custom Data API. This microservice acts as a secure abstraction layer that translates strictly, such as querying specific vehicle IDs, sensor data types, and predefined time windows, into heavily constrained Bigtable row-range scans and column filters.
By doing so, it serves as a secure gateway that enforces structured data access patterns.
Start your journey with Nexus SDV
Nexus SDV represents a new era of automotive intelligence, delivering an agentic, secure, and cost-efficient platform that empowers manufacturers to harness the full power of AI in an open-source framework. You can learn more about how we are redefining the software-defined vehicle here.




