Skip to content
GrowthPath Developer Documentation

Deployment & Security

The fleet of GrowthPath Application Servers is hosted on industry-leading cloud infrastructure with client isolation and modern deployment practices.

Infrastructure

Section titled “Infrastructure”

Compute

Section titled “Compute”

The Application Server fleet runs on Amazon Web Services Managed Kubernetes service (Amazon EKS) in a US zone. US zones perform best with cloud APIs, which is critical for integrations that make frequent API calls to services like Cin7 Core, Xero, and Shopify.

Database

Section titled “Database”

The database service uses AWS RDS (PostgreSQL). This is a managed database service providing automated backups, patching, and high availability.

Client Isolation

Section titled “Client Isolation”

Each client Application Server is a dedicated Kubernetes namespace with dedicated CPU resources according to their level of service. Each client has a distinct database. There is no co-tenanting of data.

Technology Stack

Section titled “Technology Stack”

The software stack uses open-source technologies:

  • Python — Primary language for integration logic and automation
  • PostgreSQL — Database layer (via AWS RDS) with JSON processing capabilities
  • Kubernetes — Container orchestration (via Amazon EKS)
  • Django — Web framework for admin interfaces and middleware
  • Linux — Base operating system

GrowthPath contributes financially to these open-source projects, as well as contributing code.

Deployment Pipeline

Section titled “Deployment Pipeline”

The codebase follows modern standards:

  • Git — Source control via a private repository on GitHub
  • Automated deployments — A new deployment is typically ready in about 80 seconds from commit
  • Zero-downtime updates — Kubernetes rolling deployments ensure no interruption during updates
Git push ──→ CI/CD pipeline ──→ Docker image build ──→ Kubernetes rolling deploy
                                                                    
                                              ~80 seconds from push to live

Security Model

Section titled “Security Model”

Development Environment

Section titled “Development Environment”

The development environment follows best practices:

  • Secured Linux-based workstations
  • SSH key-based authentication
  • Encrypted at rest

API Credentials

Section titled “API Credentials”
  • API credentials are stored securely within the Application Server infrastructure
  • Credentials are never exposed in source code or logs
  • Access is scoped to the minimum required permissions per integration

Network Security

Section titled “Network Security”
  • The Kubernetes cluster runs within AWS’s virtual private cloud (VPC)
  • Network policies restrict pod-to-pod communication to what is required
  • Ingress and egress traffic is controlled via security groups

Data Security

Section titled “Data Security”
  • Client data is isolated per namespace and per database — no co-tenanting
  • Database connections are encrypted (TLS)
  • Data at rest is encrypted via AWS RDS encryption

Server Monitoring

Section titled “Server Monitoring”

Core background jobs are monitored and can be viewed by clients upon request. This is “deadman” monitoring: it alarms if a background process does not check in on a certain schedule.