Security at CrateRunner
Security isn't an afterthought — it's foundational to how CrateRunner is built. Your infrastructure, your data, your control.
Security Principles
CrateRunner runs entirely on your infrastructure. Your code, data, and secrets never touch our servers. You maintain complete control over your deployment environment.
Every component operates with minimal permissions. The CrateRunner agent requests only the access it needs, nothing more.
Fine-grained role-based access control lets you define exactly who can do what. Every action is logged with user attribution for complete audit trails.
All communications use TLS 1.3. Secrets are encrypted at rest using AES-256. No plaintext credentials ever touch disk.
Built with software supply chain security in mind. Support for image signing, SBOMs, and provenance verification.
Full visibility into what CrateRunner is doing. No hidden network calls, no telemetry without consent, no black boxes.
Built for Compliance
CrateRunner provides the tools you need to meet regulatory and compliance requirements.
Audit Log Exports
Export comprehensive audit logs in standard formats for compliance reporting and SIEM integration.
Policy Enforcement
Define and enforce deployment policies centrally. Ensure all deployments meet your security requirements.
Air-Gap Ready
Full functionality in disconnected environments. Perfect for classified, regulated, or isolated networks.
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue, please report it to us responsibly.
Email security concerns to teams@craterunner.dev with "Security" in the subject line. We aim to acknowledge reports within 48 hours and will work with you to understand and address the issue.
Have security questions?
We're happy to discuss our security practices in detail.