> One question, how does Nimbus manage secrets/creds? Integration with KMS?
It actually depends on what type of secrets/credentials that you are referring here
- For third-party tool login credentials (e.g. the GitHub authorization that we currently support), we are handling that with OAuth. That means we don't directly store secrets/creds on our end and developers can revoke the authorization any time on that tool and/or Nimbus;
- For any secrets/credentials that may be used in environment variables and dotfiles. They are currently lives within the "workspace" scope. That means, if developers delete the workspace, the credentials will be gone, and we don't persist them at the moment.
We are actively working on persisting env variables and dotfiles as part of settings of org/template/user, and the feature will become available soon.
We are also actively working on self-hosting Nimbus on customer's cloud - so if security is the top concern in your mind, with self-host solution, any secrets/credentials will never leave your cloud (together with codebases, user data, etc.)
Happy to provide more insights if you have more questions!
Thanks for the support!
> One question, how does Nimbus manage secrets/creds? Integration with KMS?
It actually depends on what type of secrets/credentials that you are referring here
- For third-party tool login credentials (e.g. the GitHub authorization that we currently support), we are handling that with OAuth. That means we don't directly store secrets/creds on our end and developers can revoke the authorization any time on that tool and/or Nimbus;
- For any secrets/credentials that may be used in environment variables and dotfiles. They are currently lives within the "workspace" scope. That means, if developers delete the workspace, the credentials will be gone, and we don't persist them at the moment.
We are actively working on persisting env variables and dotfiles as part of settings of org/template/user, and the feature will become available soon.
We are also actively working on self-hosting Nimbus on customer's cloud - so if security is the top concern in your mind, with self-host solution, any secrets/credentials will never leave your cloud (together with codebases, user data, etc.)
Happy to provide more insights if you have more questions!