Kroki CLI can call local/remote rendering services. Hardening should prevent data leaks and SSRF-like misuse.
- Point Kroki CLI only to trusted rendering endpoints.
- Do not allow arbitrary user-specified endpoint URLs.
- Enforce TLS verification for remote endpoints.
- Restrict outbound network access from build runners.
- Block access to internal metadata and admin services.
- Use proxy allow-lists for permitted destinations.
- Isolate rendering engines in containers.
- Apply strict resource limits to prevent DoS via complex diagrams.
- Keep renderer images updated.
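
The endpoint rules in the list above (trusted hosts only, no arbitrary URLs, TLS for remote endpoints, no metadata addresses) can be enforced with a check that runs before the endpoint reaches the CLI. The following is an added example, not code from the Kroki project; the host names in `ALLOWED_HOSTS` and the function name `check_endpoint` are hypothetical, and how the validated URL is handed to Kroki CLI is left to the caller.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allow-list (constructed values); list only renderers you trust.
ALLOWED_HOSTS = frozenset({"kroki.internal.example", "localhost", "127.0.0.1"})


def _ip_or_none(host):
    """Parse an IP literal, or return None when the host is a DNS name."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def check_endpoint(url, allowed=ALLOWED_HOSTS):
    """Return a normalized base URL, or raise ValueError if not permitted."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        raise ValueError("scheme must be http or https")
    # 'https://trusted@other.example/' parses with host other.example;
    # refuse userinfo outright so the URL cannot be misread by a reviewer.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in the endpoint URL is not allowed")
    if parts.query or parts.fragment:
        raise ValueError("query and fragment are not allowed")
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if host not in allowed:
        raise ValueError(f"host {host!r} is not on the allow-list")
    ip = _ip_or_none(host)
    # Link-local literals (the cloud metadata range) are refused even if
    # one was added to the allow-list by mistake.
    if ip is not None and ip.is_link_local:
        raise ValueError("link-local addresses are never permitted")
    loopback = host == "localhost" or (ip is not None and ip.is_loopback)
    if parts.scheme == "http" and not loopback:
        raise ValueError("remote endpoints must use https")
    port = parts.port  # raises ValueError on a malformed port
    netloc = f"[{host}]" if ":" in host else host
    if port is not None:
        netloc += f":{port}"
    return f"{parts.scheme}://{netloc}{parts.path.rstrip('/')}"
```

A name-based check does not control what an allowed name resolves to, and requiring `https` does not by itself verify certificates, so the TLS verification, egress and proxy items in the list still apply.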
Artifact and Data Handling
- Treat diagram source as potentially sensitive data.
- Protect generated artifacts in storage and CI logs.
- Avoid embedding secrets in diagram labels or notes.