mirror of https://github.com/Unleash/unleash.git synced 2025-08-04 13:48:56 +02:00

initial Edge section added to security doc

Nnenna Ndukwe 2025-03-18 09:00:30 -04:00
parent 99fcdb1f23
commit 9506d17534

@ -193,6 +193,18 @@ This is a potential attack surface area that you wouldnt want to be the root
With Unleash, you can architect your feature flagging solution in a way that all user data stays within your applications. When using server-side SDKs, user data remains within your application and is never shared with the Unleash server regardless of your setup. For client-side SDKs, you can retain all user data within your applications by either [self-hosting Unleash](/understanding-unleash/proxy-hosting#you-host-everything), or [self-hosting Unleash Edge](/understanding-unleash/proxy-hosting#unleash-hosts-the-api-you-host-edge). Read more on the [Unleash architecture here](/understanding-unleash/unleash-overview).
### Use Unleash Edge for enterprise-grade data privacy
To take data privacy, scalability, high performance, and resiliency to the next level for large enterprises, we built Unleash Edge, a lightweight proxy layer between your Unleash API and SDKs. You can deploy Unleash Edge within your own infrastructure so PII and sensitive context data never leave your network boundary.
Unleash Edge operates as a local evaluation point for feature flags, meaning that the evaluation of flags and user context data happens within your infrastructure. It takes a copy of your feature flag data locally and by default, it uses an in-memory cache to store the features it fetches from your Unleash instance. Another benefit to Edge functioning as a local evaluation point is preventing performance issues in one part of your system from affecting others and maintaining service level agreements required by compliance frameworks.
Edge allows you to decide what you expose to the world. You only have to expose one project (or a predefined set of projects) and environments through Edge. Nothing else will be exposed. In our cloud, if this is combined with an IP Allow List for the Unleash instance and Hosted Edge, this means you are reducing the attack surface significantly.
With Unleash Enterprise Edge, you can keep your core Unleash service hidden from the internet while evaluating feature flags at the edge for better performance and scalability. Each Edge instance can be scoped to specific projects or environments, enforcing the least privileged access and tight network segmentation. Unleash Enterprise Edge cannot access the Unleash Admin API, minimizing the impact of compromised clients or credentials.
When your regulated environments require continuous service availability, use persistent storage options through Redis or local backup files, ensuring your feature flag system remains operational even if the Unleash server is temporarily unreachable. Refer to our Edge Concepts for more architecture and setup information.
The tutorial so far has focused on how you can use the features of Unleash to improve your application's security posture, making sure that feature flags are not the weak link. But what about Unleash itself, as a company and SaaS service? You might be asking…
## Can Unleash itself pass a security audit?
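Review bot: The added paragraphs under "Use Unleash Edge for enterprise-grade data privacy" switch between "Unleash Edge", "Edge", "Hosted Edge" and "Unleash Enterprise Edge" without saying which security properties belong to which. As written, a reader cannot tell whether project/environment scoping and "cannot access the Unleash Admin API" hold for every Edge deployment or only for Enterprise Edge. State that explicitly, and say what enforces the scoping, since the text asserts the restriction without naming the mechanism. Two smaller points: "Refer to our Edge Concepts" is plain text while the context line above links every reference (for example `[Unleash architecture here](/understanding-unleash/unleash-overview)`), so it needs a link target; and "enforcing the least privileged access" should read "enforcing least-privilege access".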