On premises first
At WunderGraph we're very concerned about security. If we were to use a service like WunderGraph in a scenario with sensitive data ourselves we would want to run it in our own infrastructure.
For these reasons we decided to build WunderGraph in a on premises first way.
The console is a configuration only tool. It does all the things required to configure your projects, apply datasource transformations, propagate configurations, etc. It's a rather complex stack to operate and also our secret sauce so we don't want you to operate it.
Keep in mind that you should not store any secrets in the WunderGraph console. You can always rely on environment variables that you supply to your on premises WunderNode.
So instead of storing a secret API key in the console you can use this syntax to use the Environment of the WunderNode instead:
Add the following .env file to your WunderNode and you're good to go.
With this pattern you can ensure to never lose your secrets to WunderGraph.
It's cloud native, you can deploy it anywhere you want, but most importantly you don't have to rely on us to run and operate. In the future we might decide to run WunderNodes for you but this requires careful preparation to secure your data and our systems as well.
Deploying a WunderNode is as simple as a docker-compose up.
What data gets exposed to which system?
Through the console you store your datasources & applications on our systems. Make sure to never store any secrets! We're trying to keep our systems as secure as possible but we cannot lose something if we never had access to it.
Your WunderNodes authenticate themselves against our systems and then poll for a new configuration
Your WunderNodes send us stack traces using sentry in case it crashed and you did not opt out. This is to improve the quality of the component. We don't get any data through this, we just see where in the code the problem occured.
We do not see your data
Your WunderNodes never send any information about traffic to any of our systems. We don't see your traffic nor do we see your data and we don't want to.