Just started exploring pipedream which is very appealing as it is more developer oriented than other platforms I have been using.
Quick question regarding usage of secrets - such as username/passwords, auth tokens etc within pipedream.
How secure it is to use the credentials within the app? Is there any way anyone from pipedream can access these details if we configure them in the pipeline?
Similar question with respect to datastore. Datastore is quite useful as I see it. But, I would like to know if it is safe to use it for sensitive information?
Or is there any other way where I can store and use my sensitive information within pipedream?
Thanks very much for support. Really promising product.
Re: #1, take a look at our security docs on credentials and key-based grants. Data stores are also encrypted at rest. You can always encrypt data you send to Pipedream and store in the data store with your own encryption keys (e.g. using a service like AWS KMS) as an added layer of protection. It’s likely we’ll provide the option to bring-your-own-keys in the future, again similar to how AWS lets you create and manage your own encryption keys via KMS.
We’re prepping for our SOC 2 Type II and are also happy to share policies with customers when that’s done. The report will articulate our policies and controls on sensitive data in greater detail. I’d recommend following that issue if you’re interested. We’ll also expand our security docs at that time.
Thanks a lot for quick response. Will look a the documents to understand it better. I also saw an option where I can tick yes/no to give access to my workflows to pipedream team for debugging. Looking at this, I believe the team do not have access to see what is happening inside the workflows (unless I provide access)