Production and Non-Production environments should be isolated from each other to reduce the risk of impact to the Production environment due to changes in the Non-Production environment. Isolation is achieved in the following ways:

  1. Access to the Production environment is restricted to individuals on a need-to-know basis.
  2. Data and applications should not be replicated between the Production and Non-Production environments.
  3. Each environment should have its own hardware and software resources.
  4. The Production environment should be isolated from the Non-Production environment through the use of virtual private networks (VPNs).
  5. DigitalOcean production resources must define Trusted Sources and adhere to the principle of least privilege.
  6. All access to the Production environment is monitored and logged.
    1. DigitalOcean: https://cloud.digitalocean.com/account/security
    2. AWS: https://us-east-1.console.aws.amazon.com/cloudtrail/home
    3. Cloudflare: https://dash.cloudflare.com/324b4b555acf9237253d01385a218689/audit-log
  7. Production environments are only accessible over secure protocols.
  8. Sensitive keys or variables are never stored in version control and are instead exposed through environment variables.
  9. Sensitive keys are shared via https://onetimesecret.com/ only to users with a granted request as defined in ‣
  10. Sensitive keys required for CI/CD are defined in DigitalOcean (for production builds) or GitHub (for builds & testing).