Security

OwnKube is built with a security-first architecture. Your code, data, and infrastructure stay in your cloud account at all times. We operate as a control plane only.

Security principles

Least-privilege access

OwnKube only requests the minimum IAM permissions needed to manage your infrastructure

No data egress

Application data never leaves your AWS account. OwnKube operates as a control plane only — we never see your data

Encryption everywhere

All data is encrypted at rest (AWS KMS) and in transit (TLS)

Disconnect anytime

Remove OwnKube access and your infrastructure continues running on vanilla Kubernetes

Compliance

Since everything runs in your own AWS account, you maintain full control over compliance:

SOC 2 — audit your own infrastructure
HIPAA — maintain BAA with AWS directly
GDPR — full control over data residency

Vanilla infrastructure

OwnKube deploys using standard, non-proprietary infrastructure:

Amazon EKS for container orchestration
Amazon RDS for managed databases
Amazon ElastiCache for Redis
AWS ALB for load balancing
AWS Certificate Manager for TLS

No proprietary APIs or custom runtimes. Golden paths, not golden handcuffs. If you disconnect OwnKube, everything keeps running.

Getting started

Core features

Guides

Configuration

Security principles

Least-privilege access

No data egress

Encryption everywhere

Disconnect anytime

Compliance

Vanilla infrastructure

Getting started

Core features

Guides

Configuration

​Security principles

Least-privilege access

No data egress

Encryption everywhere

Disconnect anytime

​Compliance

​Vanilla infrastructure

Security principles

Compliance

Vanilla infrastructure