Security
Security in AutoBP centers on local execution, encrypted credentials, scoped environments, guarded AI actions, and careful handling of HR data.
Credential And Environment Safety
Environment credentials should only be configured by authorized users. Passwords and secrets are encrypted at rest and should never be copied into step code, prompts, screenshots, or exported Git assets.

- Create separate environments for Sandbox, Preview, and Production.
- Limit production credential access to users who need it.
- Use variables and secret fields instead of hard-coded values.
- Review logs before sharing execution artifacts externally.
AI Guardrails
AI can help choose tools, generate code, and prepare previews, but execution should remain explicit and reviewable. Parameter confirmation, preview screens, and deterministic runner behavior are the control points.
Practical Tips
- Keep prompts specific enough to avoid broad data access.
- Use preview/confirm flows for BP execution and Smart EIB.
- Treat imported HR reports as sensitive local data.
Artifact And Data Handling
Screenshots, videos, downloaded report files, generated workbooks, and logs can contain employee data. Treat them as controlled artifacts and avoid sharing them outside approved channels.
- Review artifacts before attaching them to tickets or emails.
- Remove stale imported reports after they are no longer needed.
- Avoid exporting full datasets when a filtered subset is enough.
- Confirm Git Sync does not include secrets or inappropriate data assets.
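One way to run the Git Sync check, together with the earlier rule against hard-coded values, before a push. This is an added example and not AutoBP code: the directory layout, file extensions, secret-name patterns and placeholder syntaxes are assumptions, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Extensions (assumed) for the artifact kinds the page lists as carrying employee data.
ARTIFACT_EXTS = {".png", ".jpg", ".mp4", ".csv", ".xlsx", ".xls", ".log"}

# A quoted literal assigned to a secret-looking name, e.g. password = "..."
SECRET_ASSIGN = re.compile(
    r"""\b(\w*(?:password|passwd|secret|token|api_?key)\w*)["']?\s*[:=]\s*(["'])([^"']{4,})\2""",
    re.IGNORECASE,
)
# Values that reference a variable instead of embedding a literal (assumed syntaxes).
PLACEHOLDER = re.compile(r"^(\$\{.+\}|\{\{.+\}\})$")

def audit_sync_tree(root):
    """Return (relative_path, line_no, reason) findings; line_no 0 means whole file."""
    root, findings = Path(root), []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if rel.startswith(".git/"):
            continue  # repository metadata, not synced content
        if path.suffix.lower() in ARTIFACT_EXTS:
            findings.append((rel, 0, "data artifact"))
            continue
        try:
            text = path.read_text(encoding="utf-8")
        except (UnicodeDecodeError, OSError):
            findings.append((rel, 0, "binary or unreadable file"))
            continue
        for no, line in enumerate(text.splitlines(), 1):
            m = SECRET_ASSIGN.search(line)
            if m and not PLACEHOLDER.match(m.group(3)):
                findings.append((rel, no, f"hard-coded value for {m.group(1)}"))
    return findings

def demo():
    """Audit a constructed tree: one clean step, one leaky step, one workbook."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "steps").mkdir()
        (root / "steps/ok.py").write_text('password = "${TENANT_PASSWORD}"\n')
        (root / "steps/bad.py").write_text('user = "svc"\napi_key = "constructed-value"\n')
        (root / "export.xlsx").write_bytes(b"PK\x03\x04 constructed")
        return audit_sync_tree(root)

if __name__ == "__main__":
    for rel, no, reason in demo():
        print(f"{rel}:{no}: {reason}")
```

The name and extension matching is heuristic, so a clean result narrows the manual review of synced assets rather than replacing it.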
Production Use
Production execution should be deliberately narrower than sandbox execution. Use named environments, reviewed templates, smaller row sets, and clear run ownership.
Practical Tips
- Use sandbox to validate every new workflow first.
- Restrict production environments to authorized users.
- Keep production Smart EIB exports behind human review.