Hey everyone! We're in the process of developing a platform with a user interface that will facilitate interaction with specific cloud services. The platform is designed to manage infrastructure, provide visualizations, and offer various features for users to easily control their cloud environments.
After a lot of thought, we've opted for a self-hosted model because it gives users complete control and mitigates worries about exposing their cloud infrastructure via third-party APIs.
Here's the plan: We want to package the whole platform as a containerized solution (like Docker) so that users can deploy it on their own infrastructure. We'll protect access through a license authentication server to ensure that only authorized users can operate the software.
Now, my main worry is how to deploy this self-hosted containerized solution without exposing our source code or backend logic. Once it's running on a user's machine, there's a potential for them to access everything in the containers, which raises concerns about our intellectual property and business logic.
We did think about providing the platform as a hosted service using API calls, but that would significantly increase our operational costs and lead to more security issues, as we'd be directly interacting with users' cloud accounts.
So, my question is: What are the best practices, tools, or architectures for deploying a fully-featured, self-hosted containerized platform while protecting sensitive source code and backend logic? I have solid experience in software design, containerization, and deployment, but this is my first time deeply considering how to safeguard proprietary code in a self-hosted environment.
I appreciate any insights or suggestions! Thanks in advance!
1 Answer
Using Docker alone won't protect your source code. If your software is built with an interpreted language like Python or JavaScript, or even an easily decompiled one like Java, users can access the source even if you host it in a container. Docker doesn't serve as a barrier against that.
So, how can we tackle this? I came across IDM which operates completely offline, only checking in with a license server. Are there any references or materials you recommend for a similar approach?