Zero Trust
Four ideas we are standardizing on:
1. Log
Production changes leave a reviewable trail—GitHub commits, Actions runs, and deploy history—not one-off laptop deploys.
2. Minimum permissions
People and automation get only what they need for their tier: separate Fly orgs, scoped tokens, and IAM aligned to the job—not broad production access for daily dev work.
3. Verify
Never trust the network by default. APIs reach users through Cloudflare Tunnel and private .internal origins; access is explicit, not “already inside the firewall.”
4. Automate production
Production deploys run through CI/CD on main (fly-deploy-main.yml). No flyctl deploy to the production org from a developer machine.
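
A sketch of what a deploy workflow in this style can look like, combining points 1, 2 and 4. This is an added example, not the contents of the project's own fly-deploy-main.yml; the secret name `FLY_API_TOKEN`, the `production` environment name and the concurrency group name are assumptions.

```yaml
# Illustrative workflow only; not the project's actual fly-deploy-main.yml.
name: Fly deploy (main)

on:
  push:
    branches: [main]        # production deploys originate only from main

# Least privilege for the workflow's GITHUB_TOKEN: read the repo, nothing else.
permissions:
  contents: read

# One production deploy at a time; never cancel a deploy that is mid-flight.
concurrency:
  group: fly-deploy-production   # assumed group name
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    # A GitHub environment lets the token be stored as an environment secret
    # and gated by required reviewers; "production" is an assumed name.
    environment: production
    steps:
      # Pinning each action to a full commit SHA instead of a tag is the
      # stricter option; tags are shown here to avoid inventing a SHA.
      - uses: actions/checkout@v4

      - uses: superfly/flyctl-actions/setup-flyctl@master

      - name: Deploy to the production org
        run: flyctl deploy --remote-only
        env:
          # Assumed secret name. Use an app-scoped deploy token
          # (created with `fly tokens create deploy`) rather than a
          # personal token with access to the whole org.
          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
```

Because the only copy of the production token lives in the repository's environment secrets, every production deploy maps to a commit on main and an Actions run in the deploy history.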