For CI/CD pipelines that interact with highly sensitive services such as databases, it is crucial to limit access to these services to trusted actors only. Our users can run their GitHub Actions on runners with a dedicated static IP for egress traffic, allowing them to setup strict network policies and access controls.

How it Works

On purchasing a static IP, all of the organization’s runners will use a dedicated, encrypted WireGuard tunnel to route network packets through a NAT gateway with a static IP. The dedicated tunnel per NAT gateway ensures complete isolation of network traffic for that organization from other Blacksmith subnets.

To enable static IPs for your organization, please contact us at [email protected]. Static IPs are available for a fixed monthly fee.

Workflow AnalyticsOverview