Skip to content
Latchkey

What Is a Hardened Runner? A CI Machine Built to Resist Attack

A hardened runner is a CI machine deliberately configured to resist tampering, limit what jobs can reach, and leave no state behind for the next job.

A runner executes whatever your pipeline tells it to, including code from dependencies and pull requests you may not fully trust. A hardened runner assumes some of that code might be hostile and is built to limit the damage: tight defaults, restricted network access, monitoring, and no persistent state. It is the difference between a soft target and a fortified one.

What hardening involves

  • Running jobs with least privilege, not as an all-powerful user.
  • Egress filtering to block unexpected outbound connections.
  • Monitoring for anomalous process and network behavior.
  • Ephemeral, isolated environments with no shared state.

Why a default runner is risky

A long-lived, broadly permissioned runner is a juicy target: it sees many jobs, holds powerful credentials, and persists state. A compromise of one job can poison the next or harvest secrets across runs. Hardening removes those affordances.

Egress filtering and monitoring

Two of the most effective controls are restricting where a job can send data (so exfiltration fails) and watching for suspicious behavior (a build step suddenly opening a network connection it never has before). Together they catch and block many supply-chain attacks in the act.

Isolation and ephemerality

A hardened runner gives each job a fresh, isolated environment and destroys it afterward. That single property defeats a whole class of attacks: a compromised job cannot persist, cannot read another job's secrets, and cannot tamper with future builds.

Hardening as a managed default

Hardening a self-hosted fleet is ongoing work. Managed runners that are isolated and ephemeral by design (like Latchkey) deliver the core hardening, fresh environment per job, no shared state, reduced attack surface, without your team maintaining it.

Key takeaways

  • A hardened runner resists tampering and contains damage from hostile code.
  • Least privilege, egress filtering, monitoring, and isolation are the core controls.
  • Ephemeral, isolated environments defeat persistence and cross-job secret theft.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →