Skip to main content

Security Best Practices

X21 processes sensitive workbook data and executes code on your machine. Implement these safeguards to keep deployments secure.

Protect Credentials

  • Store Anthropic, Langfuse, and PostHog keys in appsettings.json (for VSTO) and environment variables (for Deno). Do not hardcode secrets in the UI.
  • Rotate keys regularly and restrict them to minimum scopes required.
  • Use Windows credential vaults or secret managers for production deployments instead of embedding keys in source control.

Secure the ClickOnce Pipeline

  • Sign ClickOnce manifests with a trusted certificate and install it in the Windows Trusted Publishers store.
  • Review Publish.ps1 before running—confirm the certificate thumbprint, target bucket, and branch guard (RequiredBranch) are correct.
  • Maintain separate environments (Dev, Internal, Staging, Production) with distinct certificates or signing policies.

Control Macro Capabilities

  • Only enable the VBA tools for users who understand the implications. Maintain group policies that limit macro execution to trusted add-ins.
  • Encourage teams to export VBA modules after approval and review them in version control.

Manage Local Services

  • The Deno server and Excel API listen on localhost only. Confirm firewall rules do not expose these ports externally.
  • Port files in %LOCALAPPDATA%\X21 are per-user. Ensure folder permissions prevent other users on the machine from tampering with them.
  • Monitor log directories for unexpected growth. Archive or purge logs periodically if they contain sensitive metadata.

Authentication & Access Controls

  • Enforce Supabase policies to restrict who can sign into production. Consider SCIM/SSO integration for enterprise directories.
  • Disable auto-approve by default in regulated environments. Require explicit approval for each tool call.
  • Use PostHog and Langfuse data to review activity and detect anomalous behaviour.

Incident Response

  • If you suspect compromise, revoke API keys immediately and redeploy with fresh credentials.
  • Use the ClickOnce “Repair” option to reinstall the add-in from a known-good manifest.
  • Review Langfuse traces for the period in question—they provide a detailed log of prompts, tool calls, and outcomes per user.
Security is a shared responsibility. Combine technical controls with user training to keep X21 reliable and compliant.