Every design decision starts from the principle that your infrastructure, your credentials, and your data stay under your control.

Core Principles

Your Credentials Never Leave Your Infrastructure

When the application needs secrets (API keys, passwords, tokens), you create them directly in your own cluster or cloud secret manager. The controller running in your environment detects them automatically. We never see, transmit, or store your secret values. This eliminates an entire class of security concerns:
  • No credential leaks on our side - we never had the credentials
  • No “rotate the credentials you gave us” conversations
  • No incident response for a credential breach we caused

No Inbound Network Access

The controller in your environment communicates outbound only. No inbound ports are opened, no public IPs are assigned (for VM deployments), and no ingress rules are created for the controller itself. All communication between the controller and our systems is initiated from your side, including during deployments of the application.

The controller establishes a secure mutual TLS connection to our deployment orchestration service. To establish this connection, our infrastructure and your controller must each verify the authenticity of the other's certificate, which is generated during setup. When a deployment is ready, our deployment orchestration service sends requests over this connection to your controller to update the application's infrastructure.
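A host-level check of the no-inbound property on a VM deployment, added here as an illustration and not Tensor9's own code: it parses `ss -Htlnp` output and reports any non-loopback TCP listener owned by the controller. The process name `controller`, the sample output, and the choice to accept loopback-only listeners are assumptions.

```python
import ipaddress
import re

# Constructed sample of `ss -Htlnp` output (not captured from a real host).
# "controller" is an assumed process name for the agent this page describes.
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:9090 0.0.0.0:* users:(("controller",pid=812,fd=7))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=640,fd=3))
LISTEN 0 4096 [::]:8443 [::]:* users:(("controller",pid=812,fd=9))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=501,fd=14))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


def is_loopback(host: str) -> bool:
    """True only for loopback binds; wildcards such as * or 0.0.0.0 are not."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" or anything unparseable: treat as reachable
        return False


def exposed_listeners(ss_output: str, process: str) -> list[tuple[str, int, int]]:
    """Return (bind address, port, pid) for each non-loopback TCP listener
    owned by `process`. An empty list is consistent with outbound-only."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        owners = " ".join(fields[5:])  # process column may contain spaces
        for name, pid in PROC_RE.findall(owners):
            if name == process and not is_loopback(host):
                findings.append((host, int(port), int(pid)))
    return findings


if __name__ == "__main__":
    for host, port, pid in exposed_listeners(SAMPLE_SS, "controller"):
        print(f"controller pid {pid} accepts inbound TCP on {host}:{port}")
```

On a real host, run `ss -Htlnp` as root so that the process column is populated for every socket, and pass its output in place of the sample.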

The Trust Boundary

Trust boundary between your infrastructure and ours

What We Can See

  • Whether the controller is online and healthy
  • Deployment status (succeeded, failed, in progress)
  • Which secrets exist (but not their values)
  • Application health metrics (if telemetry is enabled - see below)

What We Cannot See

  • Your secret values (API keys, passwords, tokens)
  • Network traffic within your environment

Telemetry

If you and we agree to enable application telemetry, the controller can forward operational metrics (CPU usage, error rates, latency) to our monitoring systems. This is:
  • Off by default - only enabled when both parties agree
  • Limited to application metrics - no access to your infrastructure metrics
  • Configurable - you control what gets forwarded

Detailed Topics