LogoLogo
  • Welcome
  • Getting Started
    • What's Warp?
    • Quickstart
      • Install the Prerequisites
      • Create and Configure Your Project
      • Gather Your Credentials
        • Get Your Azure DevOps Credentials
        • Get Your GitHub Credentials
        • Confirm That You’ve Gathered Your Credentials
      • Set Up Your Vault
      • Scan Your Sources for Repositories
      • Migrate a Repository
  • Product
    • Core Concepts
    • Roadmap
  • Migrations
    • Azure DevOps
      • Service Connections
      • Limitations
  • Using Warp
    • Projects
      • Dashboard
      • Team
      • Capacity
      • Settings
    • Migration HQ
      • Issues
        • Issue Page
      • Labels
      • Warpspaces
    • Slash Commands
      • Global
        • /help
      • Migration
        • /migrate
        • /rename-destination
      • Backlog Issue
        • /refresh
      • Azure DevOps
        • /rewire-pipeline
        • /rewire-all-pipelines
        • /integrate-boards
        • /autolink-work-items
        • /lock-ado-repo
        • /disable-ado-repo
      • GitHub
        • /add-team
    • Support
      • Copilot for Warp
      • Partners
      • Knowledge Base
  • Security
    • Security at Packfiles
    • Warp's Security Model
      • Credential Management
      • Private Compute
      • Data Privacy
  • Billing & Licensing
    • Overview
    • Trial Mode
Powered by GitBook
LogoLogo

Helpful Links

  • Get Warp
  • Terms of Service
  • Privacy Policy

© 2025 Packfiles Inc

On this page
  • Credential Management
  • Private Compute
  • Data Privacy

Was this helpful?

Edit on GitHub
Export as PDF
  1. Security

Warp's Security Model

Learn about Warp's Secure Design

Much has been said about "Zero-Trust" security architecture, but in practice, few vendors are able to truly deliver on that vision. Doing so requires a deep commitment to protecting the security and confidentiality of customer data, along with the drive and technical skill needed to solve the host of engineering challenges that make it possible to deliver scalable, resilient systems with these properties.

When we originally set out to design Warp, we were met with the following security challenges:

  • Most migration tools, including first-party tools published by GitHub, require a combination of many highly privileged credentials to perform their work.

  • Any individual operating migration tools, whether for their own use or on behalf of another organization, is required to have the privileged credentials mentioned previously to carry out migration tasks.

    • Due to the privileged nature of these credentials, the number of these individuals is typically small, further constraining the throughput of the migration process.

  • Because migrations necessarily involve the processing of nearly all an organization's software artifacts, including those of a business-critical or trade-secret nature, customers require the utmost transparency, security, and governance of these processes.

Based on these challenges, we identified the following key problems to solve:

  • Storing and managing credentials securely,

  • Executing migration tools without exposing credentials or compromising the integrity of the runtime environment, and

  • Ensuring the confidentiality, integrity, and privacy of customer data.

Credential Management

To solve the problem of securing the management and storage of credentials, Warp's Vault protects your key material with end-to-end encryption.

When you use Warp, your credentials, along with the key used to encrypt the Vault that contains them, are never known to Packfiles. Your key material is encrypted and maintained exclusively in your GitHub environment, on infrastructure you control, and is never stored or processed on Packfiles' infrastructure or in a form accessible by our staff.

To learn more about the Vault, have a look at the Credential Management section.

Private Compute

To execute migration tools and processes securely, while also placing control in the hands of our customers, we designed the Warp Runner Agent.

When you use Warp to invoke any process that operates on your source environment, it's carried out by the Warp Runner Agent. The Warp Runner Agent executes exclusively in your environment, on infrastructure you own and control.

The Warp Runner Agent is the only component of Warp responsible for invoking migration tools and connecting to your source environment. To learn about the security properties of its design, check out the Private Compute section.

Data Privacy

We've taken strong and intentional steps to ensure the confidentiality and privacy of our customers' data. Review the Data Privacy section to learn about our commitments and safeguards.

PreviousSecurity at PackfilesNextCredential Management

Last updated 29 days ago

Was this helpful?