Security
Security model
AppFleet is built around safe operational metadata and a zero-secret browser boundary.
Browser metadata only
Hosted pages store project facts, URLs, aliases, and diagnostics. They do not ask for plaintext credential values.
Secrets stay local
Credential values belong in CLI-controlled encrypted flows. AppFleet Cloud should not receive master passwords or decrypted secret material.
Report a concern
Email security@appfleet.xyz. Please do not include live secrets in the report.
