Security posture

For security reviewers

Greenlight is self-hosted in your cloud subscription, authenticated through your identity provider, and runs entirely on your network. It gives IT a continuous, auditable governance plane over the apps your employees build with coding agents.

[Architecture diagram: off-cloud, outside your perimeter, sit the coding agent and your source control. Inside your cloud subscription and network perimeter sit the Greenlight control plane (policy check, broker, audit, IdP), the per-app environments (namespace, DB, blob, workload identity) and your internal systems (Salesforce, Snowflake, Slack). End users reach apps via SSO; the control plane deploys and governs the apps; app egress goes only via the broker, and the broker reaches upstream systems over MCP, webhooks and SSO.]

At a glance

Self-hosted in your cloud

Greenlight installs into your Azure subscription with a Bicep template. AWS and GCP are planned provider targets behind the same provider-interface model. Your data and end users never leave your perimeter.

Authenticated by your IdP

OIDC SSO integrates with Entra ID, Okta, and Google Workspace today. SAML and SCIM are coming soon.

Every change is reviewed

Apps are delivered through pull requests, and every pull request runs through a single Greenlight policy check that covers secrets, code analysis, container vulnerabilities, and your org policy bundle.

Every action is audited

An append-only audit log records platform, agent, and IT actions. Search, export, SIEM forwarding, and tamper-evident chaining are on the roadmap.

The seven things buyers ask

Where does our data live?

In your cloud subscription, behind your VPC. Apps deploy into dedicated environments with network policies that only permit egress to the data broker, which itself lives in your network. The control plane runs alongside it. See Network isolation.

Who has admin access?

Whoever your identity provider says is in the org_owner group. Greenlight has no superuser account, no recovery key for Shift staff, and no shadow directory of its own. See Identity & access.

How are secrets stored?

Integration credentials and sensitive environment variables sit in Key Vault, never in the control-plane database. Apps authenticate using workload identity rather than static service-account credentials. Admins can see that a secret exists; they cannot read its value. See Secrets management.

What’s the audit story?

Every platform, agent, and IT action emits an audit event with actor, target, diff, and reason. The log is append-only today. Audit search, CSV/JSON export, SIEM forwarding, WORM storage, and HMAC chaining are coming soon. See Audit & evidence.
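To make the audit fields and the roadmap item concrete, here is an added illustration (not Greenlight's code) of HMAC chaining over events carrying the actor, target, diff and reason described above: each event's MAC covers its own fields plus the previous event's MAC, so editing, deleting or reordering any entry breaks verification from that point on. The key, actor names and targets are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed key for the illustration; a real deployment would keep it in Key Vault.
CHAIN_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # "previous MAC" for the very first event


def _canonical(body: dict) -> bytes:
    # Stable serialization so the MAC does not depend on dict ordering.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_event(log: list, actor: str, target: str, diff: dict, reason: str) -> dict:
    """Append an audit event whose MAC covers its fields and the previous event's MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "target": target,
            "diff": diff, "reason": reason, "prev": prev}
    mac = hmac.new(CHAIN_KEY, _canonical(body), hashlib.sha256).hexdigest()
    event = dict(body, mac=mac)
    log.append(event)
    return event


def verify_chain(log: list):
    """Return (ok, index of first bad event or None). Recomputes every MAC in order."""
    prev = GENESIS
    for i, event in enumerate(log):
        body = {k: v for k, v in event.items() if k != "mac"}
        if body.get("seq") != i or body.get("prev") != prev:
            return False, i  # deleted, inserted or reordered entry
        expected = hmac.new(CHAIN_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, event["mac"]):
            return False, i  # field edited after the fact
        prev = event["mac"]
    return True, None


def demo():
    """Two constructed events, then a simulated after-the-fact edit of the first one."""
    log = []
    append_event(log, "alice@example.test", "app/expense-tracker", {"replicas": [1, 2]}, "scale for month-end")
    append_event(log, "agent:coding-agent", "app/expense-tracker", {"image": ["v1", "v2"]}, "policy check passed")
    ok_before, _ = verify_chain(log)
    log[0]["reason"] = "routine"  # tampering: rewrite the reason on an old entry
    ok_after, first_bad = verify_chain(log)
    return ok_before, ok_after, first_bad
```

Chaining alone does not detect silently dropping the newest entries, since the truncated prefix still verifies; that is what anchoring the latest MAC in WORM storage or a SIEM addresses.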

What attack surface does Greenlight add?

The control plane is a small set of HTTP services your IT team operates inside your cloud. The data broker proxies outbound calls but does not hold plaintext credentials beyond the in-memory exchange window. A full breakdown of actors, trust boundaries, and scenarios lives in Threat model.

Is Greenlight SOC 2 or HIPAA?

Greenlight is built to integrate cleanly with the compliance frameworks your organization already operates under. The platform’s role is to produce governance evidence inside the customer-owned install; certifications belong to the operating organization. Formal compliance packets are coming soon. See Compliance.

What happens if Greenlight goes down?

Running apps continue to run. They have their own pods and their own data, and the data broker keeps serving cached integration metadata through a typical control-plane outage. New deployments and policy changes pause until the control plane recovers, and an app can still be stopped through the cloud provider’s normal Kubernetes controls even while Greenlight is offline.