Q: How is CFT secured?
Cool Farm Tool (CFT) sits in a highly secure Amazon Web Services (AWS) cloud infrastructure with rigorous security controls and is regularly patched with the latest security updates.

Q: How is data transferred between CFT and CFP?
Data is moved via an encrypted connection from the AWS secure system to Cool Farm Platform (CFP) on AWS. The passage of data is carried out over an encrypted channel.

Q: Where does the migration infrastructure sit?
The entire migration pipeline infrastructure sits within a highly secure private AWS network, which is not accessible to the public or outside the network.

Q: Who can access the migration infrastructure?
Access is strictly controlled by Cool Farm (CF) and is granted only to required developers via AWS accounts with 2FA.

Q: How are API keys managed in the migration pipeline?
The migration pipeline accesses the CFT and CFP APIs via API keys. These are generated by a CFA admin and stored securely as CI/CD variables in GitLab, which are then saved as encrypted “secrets” in AWS Parameter Store during deployment.

Q: How is access to API keys restricted?
Only functions that have been explicitly granted access to these API keys can retrieve the decryption key and access the plaintext API key. This prevents any external bad actor from retrieving the API keys and calling the CFT or CFP APIs by acting as the migration pipeline identity.