Game Framework
Security & Access Control

Security Overview

Game Framework provides enterprise-grade security features to protect your private packages.

Security Features

1. Authentication

  • User tokens - JWT-based authentication
  • API keys - Long-lived keys for automation
  • OAuth 2.0 - SSO integration (Enterprise)
  • 2FA - Two-factor authentication

2. Authorization (RBAC)

Fine-grained permissions with 4 roles:

  • Owner - Full control
  • Developer - Publish packages
  • Tester - Download and test
  • Viewer - Read-only

See RBAC System for details.

3. Encryption

  • TLS 1.3 - All data in transit
  • AES-256 - Data at rest
  • Encrypted backups - Automatic encryption

4. Audit Logging

Complete audit trail:

  • Who performed the action
  • What was changed
  • When it occurred
  • Where it came from (IP, user agent)

5. Network Security

  • IP allowlisting - Restrict access by IP
  • Rate limiting - Prevent abuse
  • DDoS protection - Enterprise tier
  • VPC support - Private networking

Security Best Practices

1. Token Management

# ✓ Use environment variables
export GF_PUB_TOKEN="gf_live_..."

# ✗ Don't hardcode tokens in scripts or committed files
TOKEN="gf_live_..."  # Bad!

2. Minimum Permissions

Grant only necessary permissions:

# ✓ Specific permissions
{
  "permissions": ["packages.read", "versions.create"]
}

# ✗ Excessive permissions
{
  "permissions": ["*"]
}

3. Regular Audits

# Review access logs monthly
curl https://registry.yourcompany.com/v1/workspaces/ws_ID/audit-logs \
  -H "Authorization: Bearer $TOKEN"

4. Rotate API Keys

Rotate keys every 90 days:

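# Create new key (curl -d sends form encoding by default, so declare the JSON body)
curl -X POST https://registry.yourcompany.com/v1/workspaces/ws_ID/api-keys \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"name":"New Key","permissions":[...]}'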

# Revoke old key
curl -X DELETE https://registry.yourcompany.com/v1/api-keys/old_key_ID \
  -H "Authorization: Bearer $TOKEN"
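
The check below applies the "Minimum Permissions" and "Rotate API Keys" practices to a list of key records. It is an added example, not Game Framework code: the record fields (`id`, `name`, `created_at`, `permissions`) and the sample data are assumptions constructed for illustration, not the registry's documented response format.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_KEY_AGE = timedelta(days=90)  # rotation interval stated on this page

# Constructed sample; the field names (id, name, created_at, permissions)
# are assumptions, not the registry's documented response format.
SAMPLE_KEYS = json.loads("""
[
  {"id": "key_ci",  "name": "CI publish", "created_at": "2024-01-10T08:00:00Z",
   "permissions": ["packages.read", "versions.create"]},
  {"id": "key_old", "name": "Legacy bot", "created_at": "2023-06-01T12:00:00Z",
   "permissions": ["packages.read"]},
  {"id": "key_all", "name": "Admin script", "created_at": "2024-02-20T09:30:00Z",
   "permissions": ["*"]}
]
""")


def parse_utc(ts):
    """Parse an ISO 8601 timestamp; a trailing 'Z' means UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    # Treat naive timestamps as UTC rather than local time.
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_keys(keys, now):
    """Return {key_id: [findings]} for keys that break either practice."""
    findings = {}
    for key in keys:
        issues = []
        age = now - parse_utc(key["created_at"])
        if age > MAX_KEY_AGE:
            issues.append(f"rotate: {age.days} days old")
        # Assumption: any entry containing '*' is treated as a wildcard grant.
        wild = [p for p in key.get("permissions", []) if "*" in p]
        if wild:
            issues.append("excessive permissions: " + ", ".join(wild))
        if issues:
            findings[key["id"]] = issues
    return findings


if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for key_id, issues in audit_keys(SAMPLE_KEYS, now).items():
        print(key_id, "->", "; ".join(issues))
```

A key that is exactly 90 days old passes; it is flagged once it is older than that.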

5. Enable 2FA

Require 2FA for all workspace members:

curl -X PATCH https://registry.yourcompany.com/v1/workspaces/ws_ID/settings \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"require_2fa": true}'

Compliance

Game Framework supports:

  • SOC 2 Type II - Security controls
  • GDPR - Data privacy
  • HIPAA - Healthcare data
  • ISO 27001 - Information security
  • PCI-DSS - Payment data (if applicable)

See Compliance for details.

Security Contacts

  • Security Issues: security@gameframework.dev
  • Vulnerability Reports: Use responsible disclosure
  • Bug Bounty: Available for Enterprise customers

Security concern? Contact security@gameframework.dev