If you discover a potential security vulnerability in the Worker SDK, please do not open a public issue. Instead, send an email to [madgagarin@gmail.com].
The Worker SDK is a core component of the Avtomatika ecosystem, designed with security-first principles:
- Mutual TLS (mTLS): Supports client certificates for secure, authenticated communication with the Orchestrator.
- Dynamic Token Rotation: Automatically handles refreshing STS (Security Token Service) access tokens without worker restarts.
- Strict Isolation: Each task operates in its own temporary directory (
TASK_FILES_DIR). Data from one task cannot be accessed by another. - Automatic Cleanup: Temporary task data is securely wiped immediately after task completion or failure to prevent data lingering.
- Sensitive Data Protection: S3 credentials and orchestrator tokens are handled exclusively via environment variables or secure configuration objects, never logged.
See the full HLN Security Model for ecosystem-wide details.