Secure the platform layer behind your projects: identity, roles, permissions, secrets, policy checks, audit logs, and tenant boundaries.
Secrets exposed: 0 · Policy mode: strict · Audit: live
Security vault: tenant_9fa / production
Know who is touching what.
Manage users, tenants, teams, project members, roles, permissions, invitations, and access boundaries from one security model.
RBAC · Identity · Access matrix
Platform Security gives each role a real permission boundary. The goal is not to slow teams down. The goal is to stop one careless click from becoming a small fireworks show.
Maintainer: Can deploy, manage env, and operate services.

Deploy production: allow
Create preview deploy: allow
Read runtime logs: allow
Edit secrets: allow
Manage billing: deny
Invite members: allow

Secrets chamber
References, not raw values

DATABASE_URL (scope: production)
XENDIT_SECRET_KEY (scope: billing)
GITHUB_APP_PRIVATE_KEY (scope: git-service)
JWT_PUBLIC_KEY (scope: platform)
Secrets by reference
Store sensitive values once, then pass controlled references to services, deploys, builds, and runtimes. The fewer places a secret appears, the fewer places it can leak.
Runtime injection: Secrets arrive only where they are needed.
Rotation ready: Update references without rewriting the whole platform.
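The following is an added example of the secrets-by-reference pattern described above; it is not the product's own code. Services receive an opaque handle for a named secret, the vault hands out a handle only when the requester's scope matches the secret's scope, the handle never prints its value, and a rotated value is picked up by handles that were issued earlier. The "secret://NAME" reference syntax, the Vault and SecretRef classes and the scope-equality rule are assumptions; the secret names and scopes are the ones shown on the page, and the values are constructed placeholders.

```python
"""Secrets by reference: services receive handles to named secrets, never the values.

Added example; this is not the product's own code. The "secret://NAME" reference
syntax, the Vault/SecretRef classes and the scope-equality rule are assumptions.
Secret names and scopes come from the page; the values are constructed placeholders.
"""
from __future__ import annotations

import re
from typing import Dict, Tuple, Union

REF = re.compile(r"^secret://([A-Z0-9_]+)$")


class SecretRef:
    """Opaque handle. repr()/str() show only the name, so a handle that lands in a
    log line, an exception message or deployment metadata does not leak the value.
    The value is read from the vault at reveal() time, so rotation is picked up."""

    __slots__ = ("_vault", "name")

    def __init__(self, vault: "Vault", name: str):
        self._vault = vault
        self.name = name

    def reveal(self) -> str:
        return self._vault._read(self.name)

    def __repr__(self) -> str:
        return f"SecretRef({self.name!r})"

    __str__ = __repr__


class Vault:
    """Single store for sensitive values; each value carries the scope allowed to read it."""

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, str]] = {}  # name -> (scope, value)

    def put(self, name: str, scope: str, value: str) -> None:
        self._entries[name] = (scope, value)

    def rotate(self, name: str, new_value: str) -> None:
        """Replace the value but keep the scope; existing handles see the new value."""
        scope, _ = self._entries[name]
        self._entries[name] = (scope, new_value)

    def resolve(self, name: str, requester_scope: str) -> SecretRef:
        """Hand out a handle only if the requester's scope matches the secret's scope."""
        if name not in self._entries:
            raise KeyError(f"unknown secret {name}")
        scope, _ = self._entries[name]
        if scope != requester_scope:
            raise PermissionError(f"{name} is scoped to {scope!r}, not {requester_scope!r}")
        return SecretRef(self, name)

    def _read(self, name: str) -> str:
        return self._entries[name][1]


def render_env(template: Dict[str, str], vault: Vault, requester_scope: str) -> Dict[str, Union[str, SecretRef]]:
    """Turn a deploy's env template into runtime config: secret:// entries become
    scope-checked handles, plain settings pass through unchanged."""
    env: Dict[str, Union[str, SecretRef]] = {}
    for key, raw in template.items():
        m = REF.match(raw)
        env[key] = vault.resolve(m.group(1), requester_scope) if m else raw
    return env


def redacted(env: Dict[str, Union[str, SecretRef]]) -> Dict[str, str]:
    """The view that is safe to log or show in a UI: names for secrets, values for settings."""
    return {k: f"<ref:{v.name}>" if isinstance(v, SecretRef) else v for k, v in env.items()}


def build_vault() -> Vault:
    """Constructed sample vault using the secret names and scopes shown on the page."""
    vault = Vault()
    vault.put("DATABASE_URL", "production", "postgres://app:placeholder@db.internal/app")
    vault.put("XENDIT_SECRET_KEY", "billing", "xnd_placeholder")
    vault.put("GITHUB_APP_PRIVATE_KEY", "git-service", "-----BEGIN PLACEHOLDER KEY-----")
    vault.put("JWT_PUBLIC_KEY", "platform", "-----BEGIN PUBLIC KEY----- placeholder")
    return vault


if __name__ == "__main__":
    vault = build_vault()
    env = render_env({"DATABASE_URL": "secret://DATABASE_URL", "LOG_LEVEL": "info"}, vault, "production")
    print(redacted(env))  # names only, never values
    try:
        # a production deploy asking for a billing-scoped secret is refused
        render_env({"PAY": "secret://XENDIT_SECRET_KEY"}, vault, "production")
    except PermissionError as e:
        print("denied:", e)
```

The design choice worth noting is that the handle is what gets passed around and serialized; only the code that actually opens a connection calls reveal(), so the number of places the raw value exists stays at two (the vault and the process memory that needs it).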
Policy evaluator
Permission checks should be close to every sensitive operation: deploys, domains, secrets, billing, project settings, member management, and runtime controls.
Role         Action              Resource          Decision
developer    deploy.production   project/app-web   deny
maintainer   deploy.preview      project/app-web   allow
viewer       logs.read           runtime/app-web   allow
developer    secret.write        production        deny

Audit ledger
Audit trail
Sensitive actions should be visible after they happen. Audit logs help you answer who did it, where, when, under which scope, and whether policy allowed or denied it.
Selected event · 12:47: Actor developer-07 touched prod/DATABASE_URL and the decision was denied.
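As an added example of the policy evaluator and audit trail described above (not the product's own code), the block below implements a deny-by-default gate that returns the four decisions from the evaluator table and writes every decision, including denials, to an append-only ledger so the developer-07 event can be answered with who, what, where and whether policy allowed it. The role names, actions, resource paths and decisions are the page's; the Grant format, the glob matching of actions and resources, the AuditEvent record and the actor identifiers are assumptions.

```python
"""Policy gate with a deny-by-default evaluator and an append-only audit ledger.

Added example, not the product's own code. Roles, actions, resource paths and
the four decisions reproduce the page's policy evaluator; the grant format,
glob matching, the AuditEvent record and the actor ids are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from fnmatch import fnmatchcase
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Grant:
    action: str            # dotted action, glob allowed: "deploy.*"
    resource: str          # glob over the resource path: "project/*"
    effect: str = "allow"  # "allow" or "deny"; an explicit deny always wins


# Role -> grants. Roles start with nothing; only listed grants add permissions.
ROLES: Dict[str, List[Grant]] = {
    "viewer": [Grant("logs.read", "runtime/*")],
    "developer": [
        Grant("deploy.preview", "project/*"),
        Grant("logs.read", "runtime/*"),
        Grant("secret.read", "preview/*"),  # preview secrets only, never production
    ],
    "maintainer": [  # mirrors the Maintainer access matrix on the page
        Grant("deploy.*", "project/*"),  # production and preview deploys
        Grant("logs.read", "runtime/*"),
        Grant("secret.*", "*"),  # edit secrets
        Grant("member.invite", "*"),
        Grant("billing.manage", "*", effect="deny"),
    ],
}


@dataclass
class AuditEvent:
    actor: str
    role: str
    action: str
    resource: str
    decision: str
    at: str = field(default_factory=lambda: datetime.now(timezone.utc).isoformat(timespec="seconds"))


AUDIT_LEDGER: List[AuditEvent] = []


def evaluate(role: str, action: str, resource: str) -> str:
    """Return "allow" or "deny". Unknown roles, unmatched actions and unmatched
    resources all fall through to deny; a matching deny grant overrides any allow."""
    matched = [
        g for g in ROLES.get(role, [])
        if fnmatchcase(action, g.action) and fnmatchcase(resource, g.resource)
    ]
    if any(g.effect == "deny" for g in matched):
        return "deny"
    return "allow" if any(g.effect == "allow" for g in matched) else "deny"


def authorize(actor: str, role: str, action: str, resource: str) -> str:
    """The gate every sensitive operation calls before mutating state. Every
    decision, including denials, is written to the ledger with who/what/where."""
    decision = evaluate(role, action, resource)
    AUDIT_LEDGER.append(AuditEvent(actor, role, action, resource, decision))
    return decision


def denied_events(actor: Optional[str] = None) -> List[AuditEvent]:
    """Denied attempts are the ones worth alerting on; filter by actor if given."""
    return [e for e in AUDIT_LEDGER if e.decision == "deny" and (actor is None or e.actor == actor)]


if __name__ == "__main__":
    # Constructed requests: the page's four evaluator rows plus the audit-ledger event.
    requests = [
        ("dev-01", "developer", "deploy.production", "project/app-web"),
        ("maint-02", "maintainer", "deploy.preview", "project/app-web"),
        ("view-03", "viewer", "logs.read", "runtime/app-web"),
        ("dev-01", "developer", "secret.write", "production"),
        ("developer-07", "developer", "secret.write", "prod/DATABASE_URL"),
    ]
    for actor, role, action, resource in requests:
        print(f"{role:<11} {action:<18} {resource:<20} -> {authorize(actor, role, action, resource)}")
    for e in denied_events():
        print(f"{e.at} {e.actor} ({e.role}) {e.action} {e.resource} denied")
```

Two properties carry the weight here: evaluate() has no path that returns "allow" without a matching allow grant, so a typo in a role name or a new action nobody has granted yet fails closed, and authorize() records the decision before the caller sees it, so a denied write still leaves a trace for the ledger.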
Security controls
- Tenant isolation: Separate tenant resources, project access, billing scope, runtime controls, and audit visibility.
- Give people the smallest set of permissions needed to ship without turning the platform into a free-for-all.
- Use references instead of scattering raw values across services, logs, clients, and deployment metadata.
- Sensitive operations go through policy gates before they mutate platform state.
Platform Security
Lock down secrets, scope access, enforce policy, isolate tenants, and keep an audit trail for the actions that matter.
identity → policy → secret → audit