Security

In case you find a security issue or have something you would like to discuss, refer to our security policy.

Private environments

Preevy can add an authentication layer to your provisioned environments. When you configure your service as private the Tunnel Server restricts access based on a pre-shared secret or a Livecycle login (SSO via Google/Microsoft/GitHub).

Exposure of preview environments

Services on provisioned environments are not exposed directly, but rather via a tunnel created by the tunneling server.

Livecycle access to data

When you use Preevy, Livecycle does not get access to your credentials or code. Preevy only uses your cloud provider or Kubernetes credentials to provision and connect to environments - it does not send or store the credentials.

Encrypted traffic to and from your environments goes through Preevy's Tunnel Server. Livecycle hosts the default Tunnel Server at livecycle.run which is available as part of Livecycle's SaaS offering. Like most SaaS providers, we keep logs for monitoring and troubleshooting purposes which include metadata of the requests. The Tunnel Server code is part of the Preevy OSS project; you can run it on your own infrastructure and specify the its address via the --tunnel-url flag.

Network isolation

The Tunnel Server can be deployed on your private network (e.g. VPC), which access to your environments at the network level.