Security and credentials¶
Threat model¶
DataMuru runs with the permissions of its configured Databricks identity. A compromised token or CI runner can perform every operation that identity can perform.
Credential rules¶
- Store credentials in environment variables or a secret manager.
- Use separate credentials for development and production.
- Grant least privilege.
- Rotate credentials regularly and after any suspected exposure.
- Never place credentials in YAML, state, saved plans, examples, logs, or issue reports.
Repository rules¶
- Ignore
.datamuru/, virtual environments, build output, and local overrides. - Use sanitized workspace URLs and resource names in public examples.
- Run secret scanning before every public release.
- Keep Enterprise implementation and customer runbooks in the private repository.
Operational controls¶
- Protect the branch that publishes PyPI releases.
- Restrict access to the GitHub
pypienvironment. - Review release tags before publication.
- Retain audit logs from GitHub, PyPI, and Databricks.
- Use saved plans and approvals for shared environments.
Incident response¶
If a credential is exposed:
- revoke or rotate it immediately;
- inspect provider audit logs;
- remove it from current files and Git history as required;
- invalidate derived credentials;
- document impact and corrective controls.