Security

Last updated: 2025-08-01

1. Overview

At Oneplane, security is fundamental to how we operate. Our platform is designed to enable secure multi-cloud deployment while ensuring that customer data and infrastructure access remain protected, auditable, and under your full control.

We are dedicated to maintaining security, transparency, and operational integrity across every layer of the platform.

2. Cloud Account Access

Oneplane uses customer-provided access tokens to securely interact with supported cloud providers. Tokens are supplied during integration and scoped according to each provider’s recommended permissions. Access is explicitly authorized, fully transparent, and always under your control.

a. Token Management and Encryption

  • Access tokens are managed per user and per provider, and are never shared across tenants or services.
  • Oneplane does not generate credentials; access is granted only through tokens you create and provide.
  • Tokens are stored using AES-256 encryption, isolated per organization, and never visible in plaintext to any internal system or employee.
  • All tokens are encrypted at rest and transmitted securely over TLS 1.2+.
  • Tokens are only accessible to isolated, ephemeral orchestration processes responsible for deployments.

b. Access Control and Revocation

  • You retain full control over token validity and scope at all times.
  • Access can be revoked immediately by removing the token from Oneplane or invalidating it at your cloud provider.
  • Removing linked roles or access stacks also terminates Oneplane’s authorization instantly.

c. Zero Employee Access

  • Our internal systems and security policies strictly prohibit employee access to your cloud credentials or cloud environments.

3. Data Residency

All orchestration and deployment activities are executed strictly within your own cloud environment. Oneplane does not transfer, store, or replicate your application data outside of your cloud accounts. Your infrastructure and data remain under your control at all times.

4. Infrastructure Security

Oneplane’s infrastructure is designed for isolation, resilience, and security. All orchestration tasks are run within hardened environments and customer-specific segments to ensure strong logical separation.

  • Deployment actions are executed in isolated, short-lived containers with no persistent access.
  • Sensitive operations are protected by multi-factor authentication (MFA) and governed by time-bound policies.
  • All access events are continuously logged, monitored, and evaluated by automated threat detection systems.

5. Organizational Controls

Oneplane enforces strict internal controls to protect customer environments and production systems.

  • Employee access to production systems is tightly restricted, logged, and reviewed regularly.
  • All internal access requires hardware-backed multi-factor authentication and VPN enforcement.
  • Security awareness training and access audits are conducted on a recurring basis across all teams.

6. Responsible Disclosure

We welcome collaboration from the security community. Oneplane operates a responsible disclosure program and encourages security researchers and customers to report vulnerabilities or concerns.

To report an issue, please contact our security team at [email protected].

7. Contact

For any questions, concerns, or requests regarding this Security page, please contact Oneplane through the Contact page and select the "Legal" option.