Kroki renders diagrams from text and can invoke multiple diagram engines. Its security posture depends heavily on the safe mode setting and on how tightly file and network access is restricted for the rendering engines.
- run Kroki in SECURE mode (the default, KROKI_SAFE_MODE=secure) so that diagram text cannot read local files or fetch URLs
- avoid UNSAFE mode outside isolated development/testing environments
- if you use SAFE mode, explicitly control include behavior per engine
- for PlantUML, keep include URL fetching disabled unless it is explicitly required
- if includes are needed, use strict include path/whitelist controls (KROKI_PLANTUML_INCLUDE_PATH, whitelist settings) so that only approved files can be pulled in
- document approved include patterns and monitor rendering logs for include abuse attempts (absolute paths, path traversal, URLs)
3) Harden the API perimeter and rendering workload
- expose Kroki only behind a reverse proxy that terminates TLS and enforces rate limiting and request body size limits
- isolate Kroki from cloud instance metadata endpoints (e.g. 169.254.169.254) and other sensitive network segments; the rendering host should have no outbound access it does not need
- cap resource usage (CPU, memory, render timeouts) to reduce the risk of a diagram-induced denial of service
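As an added example (not code from the Kroki project or from this page), the following Python gatekeeper shows the controls from the safe-mode list and the perimeter list above as one check that a reverse proxy or API gateway can run before forwarding a request to Kroki: it decodes Kroki's documented GET payload encoding (deflate + URL-safe base64), flags PlantUML include directives whose target is not on an approved list, caps the request body size and rate-limits per client. The approved prefixes, the 64 KiB body cap and the rate numbers are assumed policy values, and the sample diagrams are constructed. It complements, and does not replace, KROKI_SAFE_MODE=secure on the server: the server blocks the include, the gateway gives you a reason string to log per attempt.

```python
"""Pre-render gatekeeper for a Kroki deployment (added example, not Kroki code)."""
import base64
import re
import time
import zlib
from dataclasses import dataclass, field

# PlantUML directives that can read files or fetch URLs. Kroki's secure mode
# blocks them server-side; matching them at the gateway yields a log line per attempt.
INCLUDE_DIRECTIVE = re.compile(
    r"^[ \t]*!(include(?:url|sub|_many|_once)?|import|theme[ \t]+\S+[ \t]+from)[ \t]+(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

# Assumed policy: only PlantUML standard-library includes (angle-bracket form,
# bundled with PlantUML) are approved; anything else is reported.
APPROVED_INCLUDE_PREFIXES = ("<C4/", "<awslib/", "<tupadr3/")

MAX_BODY_BYTES = 64 * 1024  # assumed cap; align it with the proxy's body size limit


def find_includes(source: str) -> list[tuple[str, str]]:
    """Return (directive, target) pairs for every include-like directive in a diagram."""
    return [(m.group(1).split()[0].lower(), m.group(2))
            for m in INCLUDE_DIRECTIVE.finditer(source)]


def include_violations(source: str, approved=APPROVED_INCLUDE_PREFIXES) -> list[str]:
    """Include targets outside the approved list (absolute paths, traversal, URLs, ...)."""
    return [f"!{directive} {target}" for directive, target in find_includes(source)
            if not target.startswith(approved)]


def kroki_get_url(base: str, engine: str, fmt: str, source: str) -> str:
    """Build Kroki's GET form: zlib-deflate (level 9) then URL-safe base64 of the text."""
    payload = base64.urlsafe_b64encode(zlib.compress(source.encode("utf-8"), 9)).decode("ascii")
    return f"{base.rstrip('/')}/{engine}/{fmt}/{payload}"


def decode_kroki_payload(payload: str) -> str:
    """Inverse of the GET encoding, so GET requests can be inspected like POST bodies."""
    return zlib.decompress(base64.urlsafe_b64decode(payload)).decode("utf-8")


@dataclass
class RateLimiter:
    """Token bucket per client: `rate` renders/second sustained, `burst` at once (assumed values)."""
    rate: float = 2.0
    burst: int = 10
    _state: dict = field(default_factory=dict)  # client -> (tokens, last_timestamp)

    def allow(self, client: str, now: float) -> bool:
        tokens, last = self._state.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self._state[client] = (tokens, now)
            return False
        self._state[client] = (tokens - 1, now)
        return True


def check_request(client: str, body: bytes, limiter: RateLimiter, now=None) -> tuple[bool, str]:
    """Gate one diagram body before it is forwarded to Kroki; returns (allowed, reason)."""
    now = time.monotonic() if now is None else now
    if len(body) > MAX_BODY_BYTES:
        return False, f"body {len(body)} bytes exceeds {MAX_BODY_BYTES}"
    if not limiter.allow(client, now):
        return False, "rate limit exceeded"
    bad = include_violations(body.decode("utf-8", errors="replace"))
    if bad:
        return False, "unapproved include: " + "; ".join(bad)
    return True, "ok"


# Constructed sample diagrams: one within policy, one trying local file and metadata access.
SAFE_DIAGRAM = '@startuml\n!include <C4/C4_Context>\nPerson(u, "User")\n@enduml\n'
ABUSIVE_DIAGRAM = (
    "@startuml\n"
    "!include /etc/passwd\n"
    "!includeurl http://169.254.169.254/latest/meta-data/\n"
    "A -> B\n"
    "@enduml\n"
)

if __name__ == "__main__":
    limiter = RateLimiter()
    for name, diagram in (("safe", SAFE_DIAGRAM), ("abusive", ABUSIVE_DIAGRAM)):
        allowed, reason = check_request("10.0.0.1", diagram.encode("utf-8"), limiter)
        print(f"{name}: allowed={allowed} reason={reason}")
    url = kroki_get_url("https://kroki.example", "plantuml", "svg", SAFE_DIAGRAM)
    print("GET payload round-trips:", decode_kroki_payload(url.rsplit("/", 1)[1]) == SAFE_DIAGRAM)
```

The gateway check is deliberately a pure function over (client, body, clock) so it can be unit-tested and wired into whatever proxy you run; the clock argument exists so that rate-limit behaviour is testable without sleeping.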
- Kroki docs: https://docs.kroki.io/kroki/
- Kroki configuration and safe mode: https://docs.kroki.io/kroki/setup/configuration/
- Kroki source code: https://github.com/yuzutech/kroki