Security & Isolation
How Tenki isolates customer workloads, secures CI infrastructure, and meets SOC 1 and SOC 2 Type II compliance through its parent company Luxor.
Security at Tenki rests on three pillars: ephemeral per-job VMs, isolation enforced at the hypervisor layer, and an audited compliance posture inherited from our parent company, Luxor.
Ephemeral, single-use VMs
Every job, Linux x64 or macOS, runs in a fresh VM that is provisioned at job start and destroyed at job end. VMs are never reused across jobs or across customers. There is no persistent state on the runner between jobs.
This is the property mobile-signing and supply-chain-sensitive teams typically require. Confirmed properties:
- New filesystem on every job
- No shared memory or process space between jobs
- VM teardown happens immediately on job completion, regardless of success or failure
- No background workload reuses the VM
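A customer-side check of the properties listed above, as an added example that is not Tenki's tooling: an early job step plants a canary file tagged with the current run and fails if it finds a canary left by a different run, which would mean filesystem state survived a previous job. The function names, canary file name and checked directories are assumptions made for this illustration; `GITHUB_RUN_ID`, `GITHUB_RUN_ATTEMPT`, `GITHUB_JOB`, `RUNNER_TEMP` and `RUNNER_TOOL_CACHE` are standard GitHub Actions variables.

```shell
#!/usr/bin/env bash
# Added example: detect runner filesystem reuse with a per-run canary.
# The canary file name and the directories checked are assumptions.

# check_canary DIR RUN_TAG
# Returns 0 if DIR has no canary or only this run's canary (and writes it),
# 1 if a canary from a different run is present, 2 if DIR is unusable.
check_canary() {
  local dir="$1" tag="$2" file found
  file="$dir/.ci-ephemeral-canary"
  [ -d "$dir" ] && [ -w "$dir" ] || return 2
  if [ -e "$file" ]; then
    found="$(head -n 1 "$file")"
    if [ "$found" != "$tag" ]; then
      echo "STALE canary in $dir: written by '$found', current '$tag'" >&2
      return 1   # leave the stale file in place as evidence
    fi
  fi
  # Write via rename so a concurrent step never reads a partial tag.
  printf '%s\n' "$tag" > "$file.tmp.$$" && mv -f "$file.tmp.$$" "$file"
}

# verify_ephemeral RUN_TAG DIR...
# Checks every directory and reports all stale locations before failing.
verify_ephemeral() {
  local tag="$1" rc=0 dir status
  shift
  for dir in "$@"; do
    status=0
    check_canary "$dir" "$tag" || status=$?
    case "$status" in
      1) rc=1 ;;
      2) echo "skip: $dir is not a writable directory" >&2 ;;
    esac
  done
  return "$rc"
}

# Runs only inside a GitHub Actions job, where GITHUB_RUN_ID is set.
if [ -n "${GITHUB_RUN_ID:-}" ]; then
  verify_ephemeral "${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT:-1}-${GITHUB_JOB:-job}" \
    "$HOME" "${RUNNER_TEMP:-/tmp}" "${RUNNER_TOOL_CACHE:-$HOME}"
fi
```

Matrix legs of one job share the same tag, so this check flags reuse across runs, attempts and job IDs but not between legs of the same matrix.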
Isolation model
| Runner family | Compute | Isolation |
|---|---|---|
| Linux x64 | Bare-metal AMD EPYC compute, owned and operated by Tenki | Each job runs in a dedicated Firecracker microVM |
| macOS M4 Pro | Apple Silicon hardware in our fabric | Each job runs in an isolated VM destroyed on completion |
macOS hardware is multi-tenant at the hardware level (resources are shared across customers), but jobs themselves always run in isolated VMs that are destroyed after each job. There is no shared filesystem, no shared keychain, and no shared user account between jobs.
Secrets
Tenki does not operate a secrets store. Secrets are managed by GitHub Actions and injected into the job at runtime through the standard secrets.* mechanism. See Secrets for more on the ephemeral-VM model.
Compliance
Tenki is operated by Luxor, a company founded in 2017 that is profitable and cash-flow positive with over 100 employees. Luxor holds:
- SOC 1 Type II, renewed annually
- SOC 2 Type II, renewed annually
- Yearly audited financial statements
Most of Luxor's largest customers are publicly traded companies operating in the data-center (Bitcoin mining / AI-HPC) space, with the security and compliance bar that implies.
GitHub App scopes
The two Tenki GitHub Apps (Runner and Code Reviewer) request the minimum permissions required for their respective functions. See GitHub App access levels for the full permission table and the rationale for each scope.