Security overview

Built-in governance and hardening

The LyftData docs outline transport security, credential handling, and operational guardrails. This page highlights the controls most teams review during security questionnaires.

Transport & platform security

  • Serve the control plane over TLS, supplying certificates via CLI flags or environment variables.
  • Workers validate certificates by default; disable validation only in controlled lab scenarios.
  • Encrypt disks and backups where server state, staging data, and logs are stored.

Access & authentication

  • API requests use role-scoped JWTs signed with server-managed secrets.
  • Workers require API keys or auto-enrolment secrets; both strategies are documented with rotation guidance.
  • Add SSO at the proxy layer for the UI when running on shared management networks.

Governance & auditability

  • Jobs are stored as signed bundles; workers refuse tampered configurations.
  • Run & Trace shows each action’s effect on events before you stage new versions.
  • Server logs and metrics keep deployment history and operational health visible.
  • Whitelists and proxy enforcement protect admin routes, metrics endpoints, and TLS termination.

Resources

Read the full hardening guide, request the detailed security whitepaper, or contact us for questionnaires.