Cookie settings

We use cookies

Necessary cookies keep the website working and store your choice. With your consent, we can also use functional cookies to remember the theme preference and analytics cookies to measure website usage.

You can accept optional cookies all at once, reject them, or choose individual categories. You can change your consent later; details are available in the Cookies Policy.

LaraDep LaraDep
Čeština Čeština English English Deutsch Deutsch
LaraDep early access is open for the first interested teams. Request access

LaraDep Documentation

You are reading Self-hosted mode

Access control and security in self-hosted mode

Practical governance for direct operations: roles, permissions, MFA, secret handling and auditable change flow.

Security foundation for self-hosted mode

Self-hosted mode gives control and requires stronger internal discipline. Without clear safeguards, direct infrastructure ownership can quickly become unmanaged. This page sets a practical security baseline.

Purpose and assumptions

  • Purpose: build a secure, repeatable and auditable workflow for regular operations.
  • Assumptions: dedicated instance, workspace model, and reviewable run history are available.
  • What to set up: role policy, SSH/credential flow, approval policy and incident routine.

Security building blocks

  1. Role segmentation — separate administration, operators and observers.
  2. Secret policy — store sensitive data in protected stores and avoid ad-hoc sharing.
  3. MFA and auth hardening — critical roles should require stronger authentication.
  4. Change ownership — each change must have initiator, executor, and reviewer.
  5. Post-incident discipline — every incident gets a note, impact review and prevention action.

Operational flow

  1. Set least-privilege access per operational scope.
  2. Separate environments by sensitivity.
  3. Run preflight checks before each deployment.
  4. Capture run notes with reason, approvals and communication references.
  5. Review role assignments quarterly and remove stale privileges.

Security checklist

  • Are roles aligned with actual operating responsibilities?
  • Is secret handling consistently documented and tested?
  • Are critical roles protected by MFA and token rotation policy?
  • Can environment transitions be traced from start to completion?
  • Is incident response and rollback process defined and practiced?

Common mistakes

  • Informal credential sharing outside approved channels.
  • Blurring production and staging permissions.
  • Running changes without explicit scope.
  • Missing notes for high-impact deployments.

Next steps

Next step: Review self-hosted governance before your first production run.

Subscribe to our Newsletter

Stay updated with our latest news and articles by subscribing to our newsletter.

Esc Close