After you have secured and hardened your deployment, exporting a validated development profile for production is an important step in real-world deployments. Exporting ensures that the artifacts you ship to an operations environment are secure, immutable, and aligned with compliance requirements. It also removes development-specific components and creates a controlled boundary for signing and scanning. This section explains why and how to export artifacts for production environments after successful validation in development.

Why export instead of running development profiles in production?

The following reasons explain why you should export a production bundle instead of directly running a development profile in a production environment.

| Reason | Description |
| --- | --- |
| Freeze image digests | Guarantees immutability and aligns with software bill of materials (SBOM) requirements |
| Strip developer artifacts | Removes client scripts, verbose configs, and private keys unless explicitly included |
| Self-contained package | Produces a directory or tarball ready for shipping to operations |
| Controlled artifact boundary | Enables signing, scanning, and provenance checks |

CAUTION: It is recommended that you never run development profiles in production. Exporting enforces compliance and security best practices.
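
A pre-shipment check for two rows of the table above (frozen image digests, stripped private keys), written as an added example and not part of the product's own tooling. It assumes the exported bundle is a directory whose manifests reference images on `image:` lines; the function names, file names, and registry host are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Assumption: image references appear as "image: <ref>" lines (Compose/Kubernetes style).
IMAGE_LINE = re.compile(r"^\s*-?\s*image:\s*[\"']?([^\s\"'#]+)", re.MULTILINE)
PINNED = re.compile(r"@sha256:[0-9a-f]{64}$")
PRIVATE_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def audit_bundle(root):
    """Return (relative_path, problem) findings for an exported bundle directory."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        rel = path.relative_to(root).as_posix()
        if PRIVATE_KEY.search(text):
            findings.append((rel, "private key material"))
        for ref in IMAGE_LINE.findall(text):
            if not PINNED.search(ref):  # tag-only references are mutable
                findings.append((rel, f"image not pinned by digest: {ref}"))
    return findings


def build_sample_bundle(root):
    """Constructed sample: one pinned image, one tag-only image, one leftover key."""
    digest = "sha256:" + "ab" * 32  # constructed placeholder digest
    root = Path(root)
    (root / "certs").mkdir(parents=True)
    (root / "deploy.yaml").write_text(
        "services:\n"
        f"  api:\n    image: registry.example/app/api@{digest}\n"
        "  worker:\n    image: registry.example/app/worker:latest\n"
    )
    (root / "certs" / "dev-client.key").write_text(
        "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----\n"
    )


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_bundle(tmp)
        return audit_bundle(tmp)


if __name__ == "__main__":
    for rel, problem in demo():
        print(f"{rel}: {problem}")
```

A private-key finding is expected when the key was explicitly included in the export; any other finding means the bundle should not be signed or shipped until it is resolved.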