henrygd / beszel

Lightweight server monitoring hub with historical data, docker stats, and alerts.
MIT License
2.42k stars, 73 forks

Question: Is it safe to host publicly behind a reverse proxy? #119

Closed: ghost closed 2 months ago

ghost commented 2 months ago

If I host the app behind a reverse proxy (Nginx/Apache), is it safe to be hosted on a publicly available server if I attach an SSL certificate to the webserver?

henrygd commented 2 months ago

Yes, but of course it's always a good idea to take precautions where you can.

If you run the binary, I'd recommend running as a user that doesn't have access to any important files outside the scope of the application.

You can also disable password login to the web UI. Or just put an auth gateway like Authelia in front of the whole app without breaking functionality.

Even in the worst-case scenario, if someone gains access to the hub and/or your private key, they can't use that to run commands on your remote systems.

Let me know if you have questions about anything specific.