
Security

Security posture across the platform: secrets, identity, network isolation, and TLS.

The platform follows a few baseline principles:

  • No secrets in Git. Everything sensitive lives in GCP Secret Manager or AWS Secrets Manager and is bridged into Kubernetes by the External Secrets Operator.
  • Workload Identity over static keys. GCP workloads authenticate via Workload Identity rather than long-lived JSON key files. The few AWS access keys that exist are scoped to a single action on a single resource.
  • Namespace + NetworkPolicy isolation. Dev (tomoda) and prod (prod) share one GKE cluster but live in separate namespaces; NetworkPolicies allow ingress to workload pods only from the Traefik namespace, so nothing reaches a backend or frontend pod without passing through the ingress controller.
  • TLS everywhere at the edge. cert-manager issues Let's Encrypt certificates for all ingress hosts; ACM handles CloudFront.
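The first two principles are easiest to see in one set of manifests: a Kubernetes ServiceAccount bound to a Google service account through Workload Identity, a ClusterSecretStore that uses that identity to read GCP Secret Manager, and an ExternalSecret that names a remote secret without ever containing its value. This is an added example, not the platform's own manifests; the project ID `example-project`, cluster `platform` in `us-central1`, the `external-secrets` namespace and service account, the `backend-db` target and the remote key `prod-backend-database-url` are all assumed names.

```yaml
# Added example (not the project's own manifests). Assumed names:
# project "example-project", cluster "platform" in "us-central1",
# KSA and GSA "external-secrets", remote secret "prod-backend-database-url".
---
# Kubernetes service account the External Secrets Operator runs as.
# The annotation binds it to a Google service account via Workload
# Identity; no JSON key file is created or mounted anywhere.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: external-secrets
  namespace: external-secrets
  annotations:
    iam.gke.io/gcp-service-account: external-secrets@example-project.iam.gserviceaccount.com
---
# Cluster-wide store: ESO obtains a GCP access token for the service
# account above (Workload Identity) and reads Secret Manager with it.
apiVersion: external-secrets.io/v1beta1
kind: ClusterSecretStore
metadata:
  name: gcp-secret-manager
spec:
  # Without conditions, any namespace in the cluster may reference this
  # store and pull whatever the GSA can read. Restrict it to the two
  # namespaces that are supposed to consume secrets.
  conditions:
    - namespaces:
        - prod
        - tomoda
  provider:
    gcpsm:
      projectID: example-project
      auth:
        workloadIdentity:
          clusterLocation: us-central1
          clusterName: platform
          serviceAccountRef:
            name: external-secrets
            namespace: external-secrets
---
# Per-namespace ExternalSecret: this is the only object committed to Git.
# It carries the remote secret's name, never its value. ESO materialises
# a Kubernetes Secret "backend-db" in prod and re-reads Secret Manager
# every hour, so a rotated value propagates without a redeploy.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: backend-db
  namespace: prod
spec:
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: gcp-secret-manager
  target:
    name: backend-db
    creationPolicy: Owner   # ESO owns the Secret and garbage-collects it
  data:
    - secretKey: DATABASE_URL
      remoteRef:
        key: prod-backend-database-url
```

Two bindings on the GCP side make this work and are worth checking when an ExternalSecret reports `SecretSyncedError`: the Google service account needs `roles/secretmanager.secretAccessor` on the secret (not on the whole project), and the Kubernetes service account needs `roles/iam.workloadIdentityUser` on the Google service account, granted to the member `serviceAccount:example-project.svc.id.goog[external-secrets/external-secrets]`. One rotation caveat: `refreshInterval` refreshes the Kubernetes Secret, but a pod that consumes it as environment variables keeps the old value until it restarts; only volume-mounted secrets are updated in a running pod.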

Start here:

  • Secrets Management: GCP SM + AWS SM bridged via External Secrets Operator. ClusterSecretStores, ExternalSecrets, rotation.
  • IAM: GCP service accounts, Workload Identity bindings, AWS uploader and ESO reader IAM users.
  • Network Policies: Pod-to-pod isolation. Backend and frontend accept ingress from Traefik only.
  • TLS: cert-manager + Let's Encrypt for ingress. ACM for CloudFront. DNS-01 validation via Cloudflare.
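The "ingress from Traefik only" rule in the Network Policies entry needs two objects to hold, because NetworkPolicies are additive: an allow rule on its own changes nothing for a pod that no policy has yet selected. The pair below is an added example, not the platform's own manifests; it assumes Traefik runs in a namespace named `traefik` with pods labelled `app.kubernetes.io/name: traefik`, that backend pods carry `app: backend` and listen on TCP 8080, and that NetworkPolicy enforcement is actually enabled on the GKE cluster (Dataplane V2 or Calico). Without enforcement the API server accepts these objects and they do nothing.

```yaml
# Added example (not the project's own manifests). Assumptions: Traefik in
# namespace "traefik" with label app.kubernetes.io/name=traefik; backend
# pods labelled app=backend on TCP 8080; NetworkPolicy enforcement enabled.
---
# 1. Default deny for ingress to every pod in prod. Pods that no policy
#    selects accept all traffic, so this is what makes the allow rule
#    below an exclusive rule rather than a no-op.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod
spec:
  podSelector: {}           # selects every pod in the namespace
  policyTypes:
    - Ingress               # egress is left untouched, so DNS still works
---
# 2. Allow ingress to the backend only from Traefik pods in the traefik
#    namespace. The namespace label kubernetes.io/metadata.name is set
#    automatically on every namespace (Kubernetes 1.22+), so no hand-applied
#    label is needed and nobody can relabel their own namespace to match.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-traefik
  namespace: prod
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the SAME list item are ANDed:
        # "Traefik pods in the traefik namespace". Written as two separate
        # items they would be ORed, which would admit every pod in the
        # traefik namespace plus any pod anywhere carrying the Traefik label.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: traefik
          podSelector:
            matchLabels:
              app.kubernetes.io/name: traefik
      ports:
        - protocol: TCP
          port: 8080
```

The frontend gets the same allow policy with its own `podSelector` and port; the default-deny object is shared by the namespace. Repeat both in the dev namespace (tomoda): a NetworkPolicy is namespaced, so a policy in prod says nothing about pods in dev. A quick check that the deny is real is to `kubectl exec` into any pod in prod that is not Traefik and attempt a TCP connection to the backend service; it should time out rather than connect.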