securityprivacy
GoCools security model
Public security commitments and trust boundaries.
Trust boundaries
Public applications use HTTPS and application-layer authorization. Administrative access is private and protected by Cloudflare Access; production compute has no public SSH.
Credential handling
Credentials are stored in a secrets manager, scoped to the workload that needs them, and are never committed, embedded in public documentation, or emitted in logs.