Skip to main content

Security Model

On Fransys, security is not an option to enable — it's the default behavior. Every cluster, every block, every deployment is configured with security best practices from the start.

Secure by default

Regardless of your configuration, Fransys automatically applies:

  • SSL/TLS on all connections — Let's Encrypt certificates generated and renewed automatically. No application is accessible via unencrypted HTTP.
  • Network isolation — Each project is isolated at the network level. Blocks within a project communicate with each other but are invisible from other projects on the same cluster.
  • Automatically generated credentials — Database passwords, service API keys (Soketi, etc.) are generated by Fransys with strong, unique values. No default passwords.
  • Protected environment variables — Sensitive values (passwords, secrets) are hidden in the interface and stored securely.

Service isolation

Each deployed block runs in its own container, with its own resources and its own network space. This isolation ensures that:

  • A compromised block cannot access data from another unconnected block
  • A block's resources (CPU, RAM) cannot impact the performance of another
  • Communications between blocks only go through connections explicitly configured on the canvas

Database access

By default, databases are not accessible from outside the cluster. The Remote database access option must be explicitly enabled to open access — and even then, the connection is encrypted.

Rollback and resilience

  • Automatic rollback — If a deployment fails, the previous version is restored immediately
  • Continuous health checks — Fransys monitors the state of each service and redirects traffic in case of failure
  • Automatic backups — PostgreSQL data is automatically backed up with configurable retention

What you don't have to do

On Fransys, you don't have to:

  • Configure an SSL certificate
  • Write firewall rules
  • Manage secrets in an external vault
  • Harden the Kubernetes configuration
  • Configure network isolation between services

Everything is applied natively. You focus on your code — Fransys secures the infrastructure.