Security, Identity & Secrets Management

This section outlines the security and credential management requirements for Robility Flow deployments. Proper handling of secrets, credentials, certificates, and access controls is essential to maintaining a secure deployment and ensuring compliance with organizational security policies.

Secrets Management

1. Kubernetes: All credentials must be stored as Kubernetes Secrets in the robilityflow namespace. External secret management with HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault is supported through the External Secrets Operator (ESO).
2. VM / Docker: All credentials must be supplied as environment variables referenced from a .env file, or via Docker Secrets. Plain-text credentials must never be committed to source control or embedded in the Compose file.
3. Secrets must not be committed to source control or embedded in plain text in any configuration file.

RBAC & Namespace Isolation (Kubernetes)

1. Create a dedicated Kubernetes namespace: robilityflow
2. Apply a ResourceQuota and LimitRange to the namespace to prevent resource exhaustion.
3. Create a dedicated ServiceAccount for the Runtime pods with minimum required permissions.
4. Do not run containers as root. The Runtime image supports non-root execution (UID 1000 by default).

Network Policies

1. Kubernetes: Apply NetworkPolicy to restrict ingress to Runtime pods to the Ingress controller only. Restrict egress to permitted data-tier endpoints and whitelisted external URLs.
2. VM / Docker: Use Docker’s internal bridge networks to isolate inter-service traffic. Expose only port 443 on the host interface. Use OS-level firewall rules (ufw / firewalld) to block all other inbound ports.

Image Security

All Robility Flow container images are scanned with a vulnerability scanner (Cycode, Snyk) before deployment.

Pod / Container Security

1. Apply PodDisruptionBudget (PDB) for Designer and Runtime deployments (Kubernetes) to ensure availability during node maintenance.
2. Set securityContext.readOnlyRootFilesystem: true where compatible; mount emptyDir volumes for temporary write paths.
3. Disable privilege escalation: allowPrivilegeEscalation: false on all containers (Kubernetes) or use --security-opt no-new-privileges in Docker Compose.
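
The Kubernetes requirements from the Secrets Management, RBAC and Pod / Container Security lists above, combined in one Runtime Deployment. This is an added example, not a manifest shipped by Robility Flow: the Deployment, ServiceAccount, Secret, label and image names and the /tmp write path are placeholders, and disabling the ServiceAccount token mount assumes the Runtime does not call the Kubernetes API.

```yaml
# Added example; every name except the namespace and UID 1000 is a placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: runtime                          # placeholder
  namespace: robilityflow                # dedicated namespace
spec:
  replicas: 2
  selector:
    matchLabels:
      app: runtime                       # placeholder label
  template:
    metadata:
      labels:
        app: runtime
    spec:
      serviceAccountName: runtime-sa     # dedicated ServiceAccount (placeholder name)
      # Assumption: the Runtime needs no Kubernetes API access, so no token is mounted.
      automountServiceAccountToken: false
      securityContext:
        runAsNonRoot: true               # kubelet refuses to start a UID 0 container
        runAsUser: 1000                  # non-root UID stated for the Runtime image
      containers:
        - name: runtime
          image: registry.example.com/robilityflow/runtime:TAG   # placeholder image
          envFrom:
            - secretRef:
                name: runtime-credentials    # Kubernetes Secret (placeholder name)
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: tmp
              mountPath: /tmp            # assumed temporary write path
      volumes:
        - name: tmp
          emptyDir: {}                   # writable scratch space; root filesystem stays read-only
```

With readOnlyRootFilesystem enabled, any path the application writes to outside the mounted emptyDir fails at runtime, so check the container logs for read-only filesystem errors after the first rollout.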
