Security Practices

This article describes all security aspects of Aptakube

1. Distribution

  • Aptakube is a desktop application that runs on your computer;
  • Aptakube does not require any installation on your servers cluster, which means it does not have access to the private network on which your cluster is running;
  • Aptakube is digitally signed on Windows, as well as digitally signed, and notarized by Apple before distribution;
  • Updates are automatically managed by the Aptakube and a digital signature is used to verify the integrity of the update before installing it;

2. Connectivity

  • Aptakube uses your local kubeconfig file to connect and authenticate to your cluster, which is exactly how other tools such as kubectl work;
  • Connections are open directly to your cluster and are always encrypted, there is no middleman;
  • Aptakube can also be used in environments where a proxy and/or VPN are required for accessing the cluster;
  • Aptakube cannot bypass Kubernetes RBAC defined by your cluster administrator; For example, if a user doesn't have access to view logs, connect to a container or view secrets, they will not be able to do so in Aptakube either;

3. Data

  • Aptakube does not modify any of your local kubeconfig files, it only reads them;
  • Data obtained by Aptakube from your cluster is:
    • Always stored in-memory, and once the application is closed, all data is lost;
    • Never sent to ours or any other servers;
  • Container logs are streamed directly from your cluster to Aptakube and also stored in-memory;
  • Shell connections to containers in your cluster are offloaded to kubectl session a dedicated terminal window;

Need something more?

If you have any questions about this, please contact us at hello@aptakube.com.