Learn about deploying Devin in your Virtual Private Cloud (VPC)
Devin’s in-VPC deployment offering allows hosting Devin’s development environments in your VPC, which enables Devin’s VMs to access proprietary resources behind your corporate firewall. The supported architecture offers an entirely stateless system guarantee, meaning that no data will be stored at rest outside of your environment.
There are multiple ways to establish fine-grained control over Devin’s access within your environment, including but not limited to customer services or resources via SSO or version control system access controls.
For additional information and security documentation, visit our Trust Center.
Devin consists of two primary components:
A customizable development environment where Devin’s actions are executed. Includes shell, editor, and browser capabilities. Deployed inside the customer’s VPC.
The core intelligence system that processes snippets of context to determine every Devin action. Hosted in Cognition’s tenant.
Instance Type Requirements:
Every Devin session requires a new VM. These instance types allow ad-hoc creation of VMs for Devin session start. Visit AWS VPC Setup to see concurrency capacity per instance.
Operating System: Ubuntu 24.04
Granting internet access to Devin’s in-VPC instances is strongly recommended
Customer data are split into two locations:
Primary customer DB:
Secondary customer DB:
All customer data is encrypted with a custom KMS key. All database read/write operations are performed through native APIs.
Isolated Devin Brain containers, authorized to the customer data store, are created for each new session. Secrets are decrypted at the start of a session, loaded as environment variables, then re-encrypted. This process is programmatic.
Prior to being sent to the frontend, secrets are redacted and are shown as [REDACTED SECRET]
.
The following are loaded onto Devin’s machine:
Core Utilities: git, python, java, docker, and more
Custom Components:
.py
scripts necessary for Devin’s functionalityYou may audit the scripts and reduce the default package installation as desired. Request the DevBox setup scripts from your Cognition representative.
Devin instance’s DNS configuration requires proper setup to resolve records in private hosted zones. If you encounter DNS resolution issues with private records, follow the steps below.
To enable Devin instances to resolve records in private hosted zones:
This configuration ensures that Devin instances can properly resolve both public DNS records and private records in your hosted zones.