RunMyJob Security

This section details the additional security measures we’ve implemented for the RunMyJob service, supplementing those outlined in the Platform Security article.

Puzl implements enhanced security measures to protect the environments in which your jobs and runners operate:

  1. Source Code Security: We ensure that all communication with the version control system to access source code is encrypted using SSH and/or HTTPS.

  2. Dynamic KVM Allocation for Jobs: Each job is executed within its own dynamically spawned Spike Instance, starting from a clean state. This ensures complete isolation and a secure, controlled environment for every job.

  3. Environment Variable Encryption: All environment variables used within your jobs are encrypted in-flight before they enter the isolated Kernel-based Virtual Machine (KVM). This ensures that they are never stored unencrypted outside of memory.

  4. Network Isolation: Each runner and each job is isolated not only from external networks but also from each other, ensuring no cross-access or interference.

  5. No Storage of Standard Output: The standard output (stdout) of jobs is not stored, maintaining the confidentiality of the runtime data.

  6. Ephemeral Filesystem: Our system uses an ephemeral filesystem during runtime. This filesystem is completely erased after the job's completion, preventing any accidental data storage.

  7. OpenID Connect: Our system supports authentication via OpenID Connect, allowing secure access control to all user resources.