InfraDesk is read-only by default. No resource is changed without explicit approval. No credentials are stored in the browser.
InfraDesk connects via read-only IAM roles and read-only API tokens. No write permissions are requested unless you explicitly enable optional remediation actions.
All third-party API keys and tokens (Cloudflare, OpenAI, Datadog, MongoDB Atlas) are encrypted using AES-256-GCM before they are stored in the database. Keys are decrypted only server-side during sync operations. Keys are never returned to the browser.
InfraDesk never stores API keys, tokens, or credentials in localStorage, sessionStorage, or browser cookies. All credential handling is server-side only.
All API key and token validation happens server-side. Credentials are validated before encryption and storage. Invalid credentials are rejected and are not stored.
No AWS resource, Cloudflare setting, OpenAI configuration, Datadog monitor, or MongoDB Atlas cluster is changed without your explicit review and approval. InfraDesk is a decision layer, not an automation engine.
InfraDesk never automatically deletes resources. Every cleanup action requires manual review and approval. Root volumes and high-risk resources are always protected.
Every review, approval, dismissal, snooze, and export is recorded in the audit trail with actor, timestamp, risk level, and evidence snapshot. Audit logs are immutable.
For OpenAI integration, InfraDesk reads only organisation-level usage and cost metadata. No prompt bodies, response bodies, conversation content, files, threads, or personal data are stored.
You can disconnect any integration at any time from /dashboard/integrations. Disconnecting removes the encrypted key from our database and revokes the local connection state.
All integration data (Cloudflare, OpenAI, Datadog, MongoDB Atlas, feedback) is protected by Supabase Row-Level Security. Users can only access their own records.