vemlor

Security

BYO subscription, self-host option, data residency, audit trail.

BYO subscription

vemlor never resells Anthropic or OpenAI tokens. You connect your own subscription via OAuth; vemlor stores the refresh token AES-GCM encrypted with a per-install master key. Rotating that key invalidates all stored credentials.
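
The key-rotation behaviour described above, as an added example (not vemlor's own code): a token sealed with AES-GCM under one master key cannot be opened under a rotated key, because the authentication tag no longer verifies. The function names, the nonce-prefixed blob layout and the 32-byte key size are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewAEAD builds AES-GCM from a master key (32 bytes selects AES-256).
func NewAEAD(masterKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag, using a fresh random nonce per call.
func Seal(a cipher.AEAD, token string) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, []byte(token), nil), nil
}

// Open fails for a wrong key or a modified blob: the GCM tag does not verify.
func Open(a cipher.AEAD, blob []byte) (string, error) {
	n := a.NonceSize()
	if len(blob) < n+a.Overhead() {
		return "", fmt.Errorf("stored credential too short")
	}
	pt, err := a.Open(nil, blob[:n], blob[n:], nil)
	if err != nil {
		return "", fmt.Errorf("credential unreadable under this key: %w", err)
	}
	return string(pt), nil
}

func main() {
	oldKey, newKey := make([]byte, 32), make([]byte, 32)
	rand.Read(oldKey) // constructed random demo keys
	rand.Read(newKey)
	before, _ := NewAEAD(oldKey)
	after, _ := NewAEAD(newKey)
	blob, _ := Seal(before, "constructed-refresh-token")
	_, err := Open(after, blob)
	fmt.Println("after rotation:", err)
}
```

After a rotation, credentials sealed under the old key have to be re-established (here, by reconnecting the subscription) since nothing decrypts them.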

Self-host

The hosted control plane is one deploy mode. The other is:

  • Pull registry.kenin.ch/vemlor-controlplane + vemlor-worker
  • Deploy with the deploy/vemlor/ kustomization
  • Postgres-backed, single binary control plane
  • Runner pods scheduled in a separate namespace you control

Customer data — repos, agent runs, audit logs, encrypted credentials — stays in your cluster. vemlor never phones home.

Data residency

  • Hosted: EU region by default. US region on request.
  • Self-host: whatever cluster you put it on. We don't see anything.

Audit log

Every operator action lives in the audit_log table:

  • Who (admin email)
  • What (action + target)
  • When (UTC timestamp)

Surfaced in the admin console at admin.vemlor.com/audit. Exportable as JSON via /api/admin/audit.

Secret handling

  • Session cookies: HMAC-SHA256 signed, HttpOnly + Secure + SameSite=Lax.
  • Master key: never logged, never returned by any API.
  • Agent credentials: encrypted at rest, decrypted only inside runner pods that have the workspace's grant.

Disclosure

Found a security issue? Email security@vemlor.com. PGP key at /.well-known/security.txt.
