AppFleet

Security

Security model

AppFleet is built around safe operational metadata and a zero-secret browser boundary.

Browser metadata only

Hosted pages store project facts, URLs, aliases, and diagnostics. They do not ask for plaintext credential values.

Secrets stay local

Credential values belong in CLI-controlled encrypted flows. AppFleet Cloud should not receive master passwords or decrypted secret material.

Report a concern

Email security@appfleet.xyz. Please do not include live secrets in the report.