Get Started/Investigating issues
Investigating issues
Drum is designed to keep apps isolated and credentials protected by default.
API keys
Treat API keys like passwords. Store them securely, avoid committing them to source control, and rotate keys if they may have been exposed.
App isolation
Apps run as separate services. Apps in the same project can communicate over the project private network, but unrelated projects should be kept separate.
Secrets
Use environment variables for runtime secrets. Only add values that the app needs, and avoid exposing secrets in logs, screenshots, or support requests.
HTTPS
Use HTTPS for dashboard, API, and app traffic wherever possible. API requests should always be made over HTTPS.