Security Best Practices

Secrets Management

• Never commit thin_config.json containing license keys.
• Use environment variables or Docker secrets for PYVORIN_THIN_LICENSE_KEY.
• Rotate license keys quarterly via the dashboard.

Access Control

• Restrict access to ~/.pyvorin/cache and ~/.pyvorin/usage with filesystem permissions.
• Run Pyvorin under a dedicated service account in production.

Audit Logging

Enable verbose logging for compliance:

export PYVORIN_LOG_LEVEL=DEBUG
pyvorin run script.py

Network Security

• Use HTTPS-only API endpoints (default).
• Pin TLS certificates in high-security environments.
• Verify the API base URL matches https://api.pyvorin.com.

Source Code Upload

• Keep PYVORIN_THIN_SEND_SOURCE=0 (default) in production.
• Enable source upload only in isolated debug environments.