Atlas
Enterprise-grade security

Security you can explain to auditors

Atlas orchestrates agents — you decide where secrets live, what can run, and who must approve it. No root keys required.

Credential custody

Your keys. Your vault. Your runner.

Skeptical about handing over SSH keys? Choose how much trust you place in Atlas storage — from zero custody to encrypted dedicated keypairs.

Customer-hosted runner

Run the sidecar in your VPC. SSH keys and the Cursor runtime never leave your network — Atlas is orchestration only.

Runner-local keys

Atlas stores a reference path, not PEM bytes. Private material stays on your runner and is resolved at task time.

Vault references

Point at HashiCorp Vault, AWS Secrets Manager, or env vars on the runner. Atlas is not your secrets store.

Atlas-generated keypairs

Dedicated ed25519 keys for a low-privilege atlas-ops user — you add only the public key to authorized_keys.

Revocable by you: Remove the public key from authorized_keys, delete the PEM on your runner, or revoke the vault secret — access stops immediately, without waiting on Atlas.

Tenant isolation

  • Dedicated database per organisation — no shared tables between customers.
  • Per-tenant encryption keys provisioned automatically at signup.
  • Subdomain-scoped workspaces with isolated artifact storage.

Identity & access

  • GitHub and Google SSO — no email/password registration in production.
  • TOTP multi-factor authentication enforced on tenant and admin routes.
  • Role-based access: viewer, operator, approver, and tenant-admin tiers.

Secrets & transport

  • Flexible credential modes: runner-local, vault reference, or encrypted Atlas keypairs.
  • mTLS between Atlas and the Python sidecar for agent execution.
  • Cursor API keys stored encrypted with rotation support in the UI.

Governance & audit

  • Hash-chained, tamper-evident audit logs with export and retention policies.
  • Human-in-the-loop approval gates and freeze windows for production.
  • Command allowlists, deny patterns, and server-side kill switches via authorized_keys.

Defense in depth: OAuth rate limiting, webhook signature verification, session domain hardening, secret.materialized audit events (never key content), and configurable signup approval give platform operators full control over who gets in and what agents can do.

Progressive trust

Adopt at your own pace

Start with cloud agents and PRs. Add read-only SSH on staging. Move to a customer-hosted runner when you are ready for zero custody.

  1. Cloud PRs: GitHub repos, no SSH
  2. Read-only SSH: Staging investigate only
  3. Your runner: Sidecar in your VPC
  4. Vault refs: Secrets stay in your store
  5. Prod remediate: Approvals + freeze windows

Ready to put agents to work — safely?

Create your organisation in minutes. Connect your environments, tell Atlas what to watch for, and let Cursor agents handle the rest while you stay in control.