Itura is designed with security as a top priority, ensuring your agentic applications run in a safe and protected environment. Here’s an overview of our security measures:

Secure Execution Environment

  • Containerization: Your agent code runs within isolated Docker containers. This containerization ensures that each agent execution is completely segregated from the underlying infrastructure and other agent instances, preventing interference or unauthorized access.
  • Serverless Architecture: Itura’s serverless nature means you don’t manage servers directly, reducing the attack surface associated with traditional infrastructure management. We handle the underlying security patching and maintenance.

Data Security and Communication

  • No Data Storage: Itura is designed to be stateless regarding your operational data. Sensitive data processed by your agent is not stored on Itura’s infrastructure beyond the execution lifecycle. You control where your agent sends or stores its results.
  • Encrypted Communication: All communication with the Itura platform and your agent endpoints is encrypted using industry-standard protocols (HTTPS/TLS) to protect data in transit.

While operational data is not automatically stored, the logs are stored and can be viewed in the Itura UI. So, ensure you don’t log any sensitive information.

Access Control

  • Secret API Keys: Each deployed agent is assigned one or more unique, secret API keys. A secret API key is required to invoke the agent’s endpoint via the Authorization: Bearer <your_api_key> header, ensuring only authorized clients can interact with your agent.
  • Secure API Key Management: API keys and other sensitive configurations (like third-party service keys) should be managed securely using Itura’s environment variable system. Environment variables are injected securely into your agent’s runtime environment, avoiding the need to hardcode secrets in your codebase.

Do not store secrets in your source code repository. Instead, use the Itura environment variable system to manage secrets.

Environment Variable Security

  • Itura provides a secure way to manage secrets and configuration needed by your agent at runtime.
  • Add sensitive information, such as API keys or database credentials, as environment variables through the Itura UI.
  • These variables are securely injected into the agent’s execution environment when it runs, keeping them out of your source code repository.

By combining container isolation, encrypted communication, secure key management, and a serverless approach, Itura aims to provide a robust security posture for your agentic applications.

Reporting Security Issues

Itura is committed to the responsible disclosure of security vulnerabilities. Kindly DO NOT open a public GitHub issue to report security concerns. Instead, please contact us at security@itura.ai.