Loading docs
Security & Ops
Security Model
Understand provider credential boundaries, reviewer-safe shares, role isolation, and safe documentation capture.
Updated May 26, 2026QFlow StudioNormal userTeacher
QFlow documentation should make the security boundary obvious: workflow proof is shareable, credentials and admin state are not.
Use this page when writing internal runbooks, review instructions, public docs, or screenshots that mention provider access.
Purpose
Understand provider credential boundaries, reviewer-safe shares, role isolation, and safe documentation capture.
Where it fits
This page belongs to the Security & Ops section and should be read with the related pages listed at the end.
Review boundary
Use screenshots and notes to explain product behavior without exposing private credentials, admin state, or customer data.
Credential boundary
Provider tokens, account credentials, billing state, admin permissions, and private user records belong in authenticated private surfaces only.
Public docs can describe provider setup and route decisions, but they should not reveal secret material or admin-only tables.
No tokens
No billing records
No admin links
No private emails
Reviewer-safe evidence
Reviewer artifacts should include enough context to verify a result: circuit, source, counts, trace, route, and certificate state.
If a reviewer needs private workspace access to understand a result, the evidence packet needs improvement.
Next pages
Results & evidence
Use run history, evidence packets, certificates, and approved shares without exposing private workspace data.
Providers
Select quantum providers, inspect hardware fit, and keep credentials private while routing workflows.
Deployment
Operate the Docker stack, verify health checks, understand service boundaries, and prepare production deployment.