Tsuru orchestrates applications and services for multiple teams, so tenant isolation and API security are core concerns.
¶ API and Tenant Security
- Restrict Tsuru API/admin interfaces to management networks.
- Enforce RBAC per team/application.
- Rotate user, token, and service credentials regularly.
¶ Runtime and Build Security
- Validate build/deploy images and apply vulnerability scanning.
- Restrict app network exposure by default.
- Use dedicated secret backends and avoid plaintext env var leaks.
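
One way to check for plaintext env var leaks is to audit an app's variable listing for credentials that are not masked. This is an added example, not Tsuru's own code. It assumes `NAME=VALUE` lines as captured from `tsuru env-get`, that private variables appear as `*** (private variable)`, and a heuristic set of secret-like name patterns; the sample listing is constructed.

```python
import re

# Assumption: how a private (masked) variable appears in the listing.
PRIVATE_MASK = "*** (private variable)"
# Assumption: heuristic name patterns for credentials; tune per environment.
SECRET_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I
)
# A URL carrying inline user:password is a credential whatever the name is.
INLINE_CRED = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@", re.I)


def audit_env(listing):
    """Return sorted (name, reason) pairs for variables exposed in plaintext."""
    findings = []
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if value == PRIVATE_MASK:
            continue  # already masked, nothing readable to leak
        if SECRET_NAME.search(name):
            findings.append((name, "secret-like name stored as public variable"))
        elif INLINE_CRED.match(value):
            findings.append((name, "URL with embedded credentials"))
    return sorted(findings)


# Constructed sample listing (not real output from any deployment).
SAMPLE = """\
DATABASE_HOST=db.internal.example
DATABASE_PASSWORD=*** (private variable)
PAYMENT_API_KEY=constructed-sample-value
REDIS_URL=redis://app:constructed-pass@cache.internal.example:6379/0
LOG_LEVEL=info
SESSION_SECRET=*** (private variable)
"""

if __name__ == "__main__":
    # Report names and reasons only, never the values themselves.
    for name, reason in audit_env(SAMPLE):
        print(f"{name}: {reason}")
```

Each finding is a candidate to move into the secret backend or to re-set as a private variable.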