Problem

As a platform team operating Coder as a CDE for our organization, we need the ability to enforce browser-only access to workspaces for data loss prevention (DLP) purposes.

Currently, even with Premium's max port sharing level set to owner, users can still exfiltrate data from workspaces via:

• coder port-forward + wget -r
• coder ssh + scp / tar
• SSH port forwarding

There is no template-level or deployment-level option to disable these CLI connection capabilities.

Prior Art: Google Cloud Workstations

Google Cloud Workstations solves this with a single flag:

gcloud workstations configs update CONFIG \
  --disable-ssh-to-vm

This restricts access to the Cloud Workstations Gateway (browser) only, effectively eliminating SSH and port-forward as data exfiltration vectors. Combined with VPC Service Controls and Secure Web Proxy, this provides a comprehensive DLP story.

Reference: https://cloud.google.com/workstations/docs/ssh-support

Current Workarounds and Their Limitations

None of these provide a native, simple solution comparable to Cloud Workstations' --disable-ssh-to-vm.

Proposal

Add a template-level configuration option, e.g.:

resource "coder_agent" "main" {
  # Disable all non-browser connection methods
  connection_mode = "browser_only"  # default: "all"
}

When browser_only is set:

• coder ssh → rejected by the control plane
• coder port-forward → rejected by the control plane
• SSH port forwarding → rejected
• Web terminal, coder_app (code-server, etc.) → allowed

This would make Coder a viable CDE option for organizations where DLP is a hard requirement, without needing third-party browser solutions.

Related

• Isolated workspaces without coder-related connection capabilities #14674 — Isolated workspaces without coder-related connection capabilities
• Coder's Island Browser integration docs acknowledge the DLP use case but rely on external tooling