Security & Privacy¶
This page outlines Coiled’s security and privacy policies.
When you set up Coiled with the
coiled login command
line utility, your account username and token are stored in a local
configuration file. This username and token combination gives access to run
computations from a Coiled account and should be treated like a password.
Coiled generates TLS certificates on a per-cluster basis which are used to manage access to each cluster’s Dask scheduler and workers. These certificates are stored encrypted in our database. Additionally, the scheduler and workers for a cluster use secure communication between them and are isolated by AWS networking security groups.
If a higher level of security is required for your application, please contact email@example.com to inquire about deploying Coiled on your internal systems.
Run in your infrastructure¶
By default, Coiled computations are run within our managed cloud environments. For additional security, you can configure Coiled to deploy compute resources on infrastructure that you control (e.g., within your own AWS account). In this configuration, the control plane is still managed by Coiled, but all compute resources that work with sensitive data will be running within your VPC.
See Backends for more information.
Often Dask workers in a cluster will need AWS permissions to access private data or private AWS services. To address this need, Coiled will use the AWS credentials from your account to generate a session token and then forward that token to the Dask workers in your cluster.
Note that having local AWS credentials is not required to use use Coiled. However, in this case only publicly accessible data and services will be available to your cluster.
Coiled collects basic user data when you create an account, like your name, e-mail address, username, and social login. Additionally, Coiled collects and stores telemetry data from your Dask clusters, similar to the information that is displayed in the Dask dashboard. We are working to expose this aggregated information to you across several runs in our web interface.