Docs are currently under contruction.
Get Started/Investigating issues

Investigating issues

Drum is designed to keep apps isolated and credentials protected by default.

API keys

Treat API keys like passwords. Store them securely, avoid committing them to source control, and rotate keys if they may have been exposed.

App isolation

Apps run as separate services. Apps in the same project can communicate over the project private network, but unrelated projects should be kept separate.

Secrets

Use environment variables for runtime secrets. Only add values that the app needs, and avoid exposing secrets in logs, screenshots, or support requests.

HTTPS

Use HTTPS for dashboard, API, and app traffic wherever possible. API requests should always be made over HTTPS.

On this page