Security
Security that starts with on-premise
Enterprise automation touches sensitive systems. Exekra is built so the most sensitive parts never leave your infrastructure.
On-Premise by Default
The Hub, Runners, and your workflow data run entirely on infrastructure you control. Your data never leaves your network.
Your Database, Your Keys
The Hub connects to PostgreSQL running in your environment. Credentials stored in the Hub are encrypted; the encryption key lives with you.
Cryptographically Signed Licenses
Every license file is signed. The Hub verifies the signature before honoring the license, preventing tampering.
HMAC-Protected License Cache
Runners cache license state locally using an HMAC keyed against the operating system's protected storage, so offline grace periods cannot be forged.
Layered Runtime Protection
Path-traversal checks on file operations, expression evaluator sandboxing, timing-safe webhook secret comparison, and rate-limited local APIs.
Source Protection
Hub backend and Runner main process ship as V8 bytecode. The installer scripts and license validation logic are compiled to reduce tampering surface.
Compliance
Because Exekra runs on your infrastructure, your deployment inherits the compliance posture of your environment. Formal SOC 2 certification and ISO 27001 alignment are on our roadmap; until then, we are transparent about what we do today. If your procurement team needs specific documentation, contact us and we will share what is available.
[email protected]