self-hosted infrastructure security
How is the internal infrastructure secured against unauthorized access?
- Self-hosting workflow automation keeps API payloads and credentials entirely within our own controlled infrastructure, cutting third-party vendor risk.
- The network is isolated behind a secure reverse proxy handling TLS termination; default application ports are blocked from the public internet.
- A default-deny firewall policy restricts traffic to required HTTPS ports only, alongside automated blocking of malicious IP addresses.
- Server access requires strict cryptographic keys — password authentication is disabled entirely.
How are API credentials protected within the workflows?
- Credentials are never stored in plain text — native database credential encryption is used throughout.
- A unique encryption key ensures every API key and authentication token is heavily encrypted at rest.
- Credentials are never exposed in workflow exports or system logs.