
Secure-By-Design Principles

A set of RunWhen internal design principles to promote security-by-design, published here for our users' reference.

Encryption In Transit

  • All communications in/out of the RunWhen Platform use TLS (https) unless otherwise noted.

  • All communications between microservices inside the RunWhen Platform use TLS as managed by service meshes unless otherwise noted.

  • When handling Enterprise Task Output Data, avoid transiting data through the RunWhen Platform where possible. (This is particularly relevant as the data is in transit from RunWhen Local to RunWhen-managed or User-managed storage.)

Encryption At Rest

  • Enterprise Task Output Data in RunWhen-managed storage is also encrypted at rest. Encryption keys for Workspace-specific access may be available on request.

Least Privilege

The creation of any account follows the principle of least privilege. This includes:

  • Workspace User Accounts - accounts used for individuals to access their Workspaces. Each User may access multiple workspaces. These accounts follow the RunWhen permissions model.

  • Workspace Service Accounts - accounts for User and RunWhen software to access Workspaces. Each Workspace Service Account may only access a single Workspace. These accounts also follow the RunWhen permissions model.

  • RunWhen Admin Accounts - accounts used by RunWhen personnel that have access to production environments. Membership in these accounts and access of these accounts to RunWhen's key cloud resources is audited via Admin Activity Logs from our cloud provider (GCP). By default, these accounts do not have access to any Workspace data.

  • RunWhen Service Accounts - accounts used by RunWhen software to create other accounts and create Enterprise Workspace resources (Git Repositories, Workspace Buckets, etc.). Unless otherwise noted, these accounts do not have access to any Enterprise Data.

    • At the time of this writing, RunWhen Service Accounts do have access to Workspace Git Repositories and RunWhen-managed GCP buckets for reliability purposes. Reduction of this access is on the RunWhen roadmap.

No Long-Lived Credentials

Default credentials for Workspace User Accounts, Workspace Service Accounts and RunWhen Admin Accounts are short-lived.

The only case where this can be overridden is by Users explicitly setting long-lived dates that override the default when downloading Workspace User Account tokens. We request that Users respect their organization's security practices in this regard.

Admin Audit Logging

Leverage admin audit logging for all infrastructure/platform-level resources.
