Fabric automates remote command execution over SSH. Risk concentrates in SSH credentials, command scope, and execution logging.
¶ SSH and Key Management
- Use dedicated per-environment SSH keys.
- Require passphrases or hardware-backed key storage.
- Keep strict host key verification enabled.
¶ Command Scope and Privilege
- Avoid broad sudo wrappers in Fabric tasks.
- Restrict tasks to minimal command sets.
- Separate read-only operational tasks from mutating tasks.
¶ Script and Dependency Integrity
- Keep Fabric scripts in protected repositories.
- Require review for tasks that modify production systems.
- Pin Python dependencies and scan for vulnerable packages.
- Add guardrails (--limit, explicit host lists, confirmation prompts for prod).
- Prevent wildcard production execution by default.
- Enforce dry-run style validation when possible.
- Log operator identity, command set, target hosts, and timestamps.
- Ship logs centrally and retain according to policy.
- Alert on destructive command patterns.
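The guardrail and logging items above can be combined into one pre-flight check that a Fabric task calls before it opens any connection. This is an added example, not code from Fabric or from this page; the inventory, host names, pattern list, and the function names resolve_targets and preflight are all assumptions made for illustration.

```python
import fnmatch
import json
import re
from datetime import datetime, timezone

# Constructed inventory; host names are placeholders, not from the page.
INVENTORY = {
    "staging": {"stg-web1.example.internal", "stg-db1.example.internal"},
    "prod": {"web1.example.internal", "web2.example.internal"},
}
# Illustrative destructive patterns for alerting; not a complete list.
DESTRUCTIVE = [re.compile(p, re.I) for p in (
    r"\brm\s+-\w*r", r"\bmkfs\b", r"\bdd\b.*\bof=/dev/", r"\bdrop\s+(table|database)\b")]

class GuardrailError(Exception):
    """Raised when a run must not proceed."""

def resolve_targets(env, requested):
    """Turn operator input into an explicit, inventory-checked host list."""
    if env not in INVENTORY:
        raise GuardrailError(f"unknown environment: {env!r}")
    if not requested:
        raise GuardrailError("no hosts given; refusing to default to every host")
    hosts = set()
    for item in requested:
        if any(ch in item for ch in "*?["):
            if env == "prod":
                raise GuardrailError(f"wildcard {item!r} not allowed for prod")
            matched = fnmatch.filter(INVENTORY[env], item)
        else:
            matched = [item] if item in INVENTORY[env] else []
        if not matched:
            raise GuardrailError(f"{item!r} matches no host in {env}")
        hosts.update(matched)
    return sorted(hosts)

def preflight(env, requested, commands, operator, confirm=lambda prompt: False):
    """Validate a planned run and return its audit record; executes nothing."""
    hosts = resolve_targets(env, requested)
    if env == "prod" and not confirm(f"Run {len(commands)} command(s) on {hosts}? "):
        raise GuardrailError("production run not confirmed")
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "operator": operator, "env": env, "hosts": hosts,
        "commands": list(commands),
        "destructive": [c for c in commands if any(p.search(c) for p in DESTRUCTIVE)],
    }

if __name__ == "__main__":
    plan = preflight("staging", ["stg-*"], ["uptime"], operator="alice")
    print(json.dumps(plan))  # one JSON line per run, ready for central shipping
```

The default confirm callback declines, so a production run fails closed unless the caller supplies an interactive prompt or an approval check.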