terrain-server is pre-1.0. Security fixes are applied to the current main
branch and to the latest tagged release when practical.
Use GitHub private vulnerability reporting for this repository if it is enabled. If it is not enabled, contact the maintainers through GitHub and ask for a private reporting channel before sharing details.
Do not include credentials, bucket names, exploit code, or sensitive deployment details in public issues, discussions, pull requests, or logs.
Useful reports include:
- The affected version or commit.
- The deployment mode, such as local fixture data or Copernicus object-store data.
- The endpoint, command, or configuration involved.
- The expected impact.
- Minimal reproduction steps that do not expose secrets.
Credentials belong in config/credentials.env, which is ignored by git and by
container builds. The container image includes the tracked terrain index and
sample config files, but it does not include local credentials.
For production deployments:
- Mount credentials read-only or inject them through your platform secret manager.
- Restrict object-store credentials to the minimum bucket and permission scope required for terrain reads.
- Rotate credentials immediately if they are exposed in a terminal log, image layer, release artifact, issue, or pull request.
- Treat terrain bucket endpoints, access keys, and object paths as deployment details unless you have decided they are public.
/healthz only checks that the process can respond. /readyz checks the
terrain backend and, for the Copernicus object-store backend, verifies that the
configured bucket can be reached with the configured credentials.
Use the configured request limits, server timeouts, cache size, structured
logs, and /metrics endpoint to monitor and bound production deployments.