Docs/NOME Build Cloud/Secrets

Secrets

How NOME Build Cloud isolates secrets per project, keeps them out of receipts, and scopes them to the host that needs them.

Per-project isolation

Secrets are isolated per project. One project's secrets are never visible to another project or another tenant. Secrets are injected into a job only when that job needs them and only on the runner that runs the job.

Never in receipts or logs

Receipts and logs never contain raw secrets. Output is scanned for secret-shaped lines — API keys, bearer tokens, private keys — and those lines are scrubbed before anything is recorded. A receipt records that a secret was used, never the secret itself.

Host-scoped on owner-edge

On an owner-edge runner you can keep secrets in your own environment or secret store; NOME does not slurp dotfiles or scrape environment variables for credentials. Connector tokens (GitHub, GitLab) are stored encrypted in the connector vault and resolved at dispatch, never logged.

Rotation and revocation

Secrets and connector tokens can be rotated or revoked. Revoking a runner invalidates its device token immediately; rotating a connector token cuts off post-back until you reconnect. NOME fails closed when a required secret is missing rather than proceeding without it.

Ready to try it?

Open NOME
CodeRabbit compatibilitySecurity
Nomad Maraud Inc.DocsSupportCareersContactTermsPrivacyAccountStatus
legal@nomadmaraud.com

© 2026 Nomad Maraud Inc. NOME™ is a trademark of Nomad Maraud Inc. All rights reserved.

Futures, foreign currency, and options trading contains substantial risk and is not for every investor. An investor could potentially lose all or more than the initial investment. Risk capital is money that can be lost without jeopardizing one’s financial security or lifestyle. Only risk capital should be used for trading and only those with sufficient risk capital should consider trading. Past performance is not necessarily indicative of future results.

Hypothetical or simulated performance results have certain limitations. Unlike an actual performance record, simulated results do not represent actual trading. Also, since the trades have not been executed, the results may have under- or over-compensated for the impact, if any, of certain market factors, such as lack of liquidity. Simulated trading programs in general are also subject to the fact that they are designed with the benefit of hindsight. No representation is being made that any account will or is likely to achieve profits or losses similar to those shown.

NinjaTrader® is a registered trademark of NinjaTrader Group, LLC. No NinjaTrader company has any affiliation with the owner, developer, or provider of the products or services described herein, or any interest, ownership or otherwise, in any such product or service, or endorses, recommends or approves any such product or service.

Nomad Maraud may receive compensation when users register through partner links. This does not constitute a recommendation to trade futures or open a brokerage account.

NOME