CloudSlang executes operational flows that often interact with cloud APIs, credentials, and infrastructure changes. Security controls should prioritize credential safety and execution boundaries.
¶ Flow Source Control and Integrity
- Store flows in protected repositories.
- Require reviews for flow changes that impact production.
- Use signed commits or protected release branches for deployment content.
¶ Credential Handling
- Keep API keys and tokens in encrypted secret stores.
- Inject secrets at runtime; never hardcode them in YAML flows.
- Rotate credentials used by automation workers.
- Run workers under least-privilege service accounts.
- Isolate worker nodes from public networks.
- Restrict outbound egress to required endpoints only.
- Separate author, operator, and admin roles.
- Enforce MFA and SSO for management interfaces.
- Audit permission changes.
¶ Audit and Incident Response
- Log who executed each flow and with what parameters.
- Redact secret values from run logs.
- Keep immutable audit records for compliance.
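
One way to combine the three audit points above, as an added example that is not CloudSlang code: each run record names the user, flow and parameters, secret values are masked before anything is written, and every record carries the hash of the previous one so later edits are detectable. The function names, the secret-name markers and the sample flow name are assumptions made for illustration; a hash chain gives tamper evidence only, so the records still belong on write-once storage.

```python
import hashlib
import json

# Assumption: parameter names containing these markers carry secrets.
SECRET_MARKERS = ("password", "passwd", "secret", "token", "api_key", "apikey")
REDACTED = "***REDACTED***"
GENESIS = "0" * 64  # "prev" value of the first record in the chain

def redact(params, extra_sensitive=()):
    """Return a copy of params with secret values masked, nested dicts included."""
    out = {}
    for key, value in params.items():
        if isinstance(value, dict):
            out[key] = redact(value, extra_sensitive)
        elif key in extra_sensitive or any(m in key.lower() for m in SECRET_MARKERS):
            out[key] = REDACTED
        else:
            out[key] = value
    return out

def _digest(body):
    # Canonical JSON (sorted keys) so the same record always hashes the same.
    return hashlib.sha256(json.dumps(body, sort_keys=True, default=str).encode()).hexdigest()

def append_record(log, user, flow, params, timestamp, extra_sensitive=()):
    """Append a redacted record of one flow run, chained to the previous record."""
    body = {
        "ts": timestamp, "user": user, "flow": flow,
        "params": redact(params, extra_sensitive),
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    record = dict(body, hash=_digest(body))
    log.append(record)
    return record

def verify_chain(log):
    """Return the index of the first altered or reordered record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "hash"}
        if rec.get("prev") != prev or rec.get("hash") != _digest(body):
            return i
        prev = rec["hash"]
    return -1

if __name__ == "__main__":
    log = []  # constructed sample run; names and values are made up
    append_record(log, "alice", "ops.restart_service",
                  {"host": "app01", "api_token": "abc123"}, "2024-01-01T00:00:00Z")
    print(log[0]["params"], verify_chain(log))
```

Truncating the tail of the log is not caught by the chain alone, so the most recent hash should also be recorded somewhere the workers cannot write.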