Originally published at orquesta.live/blog/security-by-default-keeping-code-local-for-safety
In a development environment where data breaches and leaks are increasingly common, the emphasis on local execution over cloud-based sandboxes is more crucial than ever. As the developer behind Orquesta, I understand the importance of keeping your code and data securely within your infrastructure. Here, we'll examine why executing code locally is a safer alternative and how features like AES-256 encrypted credentials, full audit trails, and quality gates with team sign-off provide unparalleled security.
The Case for Local Execution
Local execution is about control. When code remains on your infrastructure, you're not just retaining ownership of your intellectual property; you're actively protecting it from external threats. By leveraging the processing power of your own machines, as Orquesta does with our local AI agent running Claude CLI, code execution is not only faster but more secure.
- Control Over Data: Data breaches often occur in cloud environments due to misconfigurations or vulnerabilities. Local execution means your data never leaves your premises, reducing the attack surface significantly.
- Performance: Local execution allows you to utilize your existing hardware. This not only saves costs associated with cloud usage but also ensures that your data processing speeds are optimized.
AES-256 Encryption: Keeping Credentials Safe
The security of credentials is paramount. With AES-256 encryption, Orquesta ensures that all sensitive data, including API keys and authentication credentials, is securely stored and transmitted. AES-256 is a symmetric encryption algorithm that is widely used for its high level of security and speed.
# Sample pseudocode for AES-256 encryption
import AES
key = generate_key()
encrypted_data = AES.encrypt(data, key)
This encryption standard ensures that even if data is intercepted, it remains unreadable without the proper key.
Full Audit Trails: Accountability and Transparency
An audit trail is a security feature that records every action taken within a system. Orquesta provides a full audit trail of all prompts, actions, and changes. This transparency is vital for debugging, compliance, and understanding the history of code execution.
- Prompts and Logs: Every prompt submitted and action taken is logged. This means you can trace back every step of your development process.
- Diffs and Costs: You have access to diffs of code changes, allowing you to see exactly what has changed and how much it cost in terms of processing and time.
Quality Gates with Team Sign-Off
Quality gates are checkpoints in the development workflow where code is reviewed and approved before it can proceed. In Orquesta, these gates are not just for code quality but are integral to security.
- AI Simulation: Our AI simulates every change before it's executed. This preemptive validation ensures that only safe and expected changes are applied.
- Team Approval: Team leads must sign off on changes before they are executed. This additional layer of oversight guarantees that no unauthorized actions are taken.
Team Collaboration and Role-Based Permissions
Collaboration on Orquesta is designed with security in mind. By setting role-based permissions, you can control who has the ability to submit prompts, review code, or sign off on changes. This minimizes the risk of unauthorized access and changes.
# Example of role-based permission setup
team.add_member(user, role="developer")
role.set_permissions("developer", can_submit_prompts=True, can_approve=False)
Conclusion: Security as a Foundation
When building Orquesta, we prioritized security by default, ensuring that all aspects of code execution and management are as safe as possible. By keeping code local, encrypting sensitive data, and maintaining comprehensive audit trails, we're providing developers with the tools they need to keep their code secure. Local execution not only keeps your code safe but also allows for a more controlled, efficient, and transparent development process.
Top comments (0)