Security
Secure your OrcaCD deployment
OrcaCD is designed to be safe by default, but there are additional steps you can take to further secure your deployment. Here are some best practices to consider:
Harden your Deployment
- Disable password authentication for the Hub and instead use a secure OIDC provider that enforces strong authentication methods, including secure multi-factor authentication (MFA).
- Always run the Hub behind a secure reverse proxy and ensure that all communication is encrypted using TLS.
- Make sure to configure the TRUSTED_PROXIES environment variable correctly to prevent IP spoofing attacks.
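Why the trusted-proxy list matters, shown as an added example (not OrcaCD's own code): a resolver that honours X-Forwarded-For only when the direct peer is a trusted proxy, and walks the header right to left. The comma-separated CIDR format, the header name and all function names are assumptions for illustration; use the syntax OrcaCD documents for TRUSTED_PROXIES.

```python
import ipaddress

def parse_trusted(value):
    """Parse a comma-separated list of IPs/CIDRs (assumed format)."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def is_trusted(addr, trusted):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in trusted)

def client_ip(peer, xff_header, trusted):
    """peer: TCP source address; xff_header: raw X-Forwarded-For or None."""
    # The header only means something if a trusted proxy delivered it.
    if not is_trusted(peer, trusted) or not xff_header:
        return peer
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Rightmost entries were appended by our proxies; leftmost entries are
    # whatever the client chose to send. Stop at the first untrusted hop.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop, trusted):
                return hop
        except ValueError:
            return peer  # malformed entry: fall back to the socket address
    return hops[0] if hops else peer

# Constructed sample: the reverse proxy is 10.0.0.5, the real client is
# 203.0.113.7 and sent a forged "X-Forwarded-For: 127.0.0.1"; the proxy
# appended the address it actually saw.
FORGED_XFF = "127.0.0.1, 203.0.113.7"

def demo():
    correct = parse_trusted("10.0.0.5/32")   # only the real proxy
    too_wide = parse_trusted("0.0.0.0/0")    # misconfiguration: trust everyone
    return {
        "correct": client_ip("10.0.0.5", FORGED_XFF, correct),
        "too_wide": client_ip("10.0.0.5", FORGED_XFF, too_wide),
        # Client bypasses the proxy and sends the header directly.
        "direct": client_ip("198.51.100.9", "127.0.0.1", correct),
    }

if __name__ == "__main__":
    for name, ip in demo().items():
        print(f"{name:9s} -> {ip}")
```

With the overly wide list, the forged 127.0.0.1 is accepted as the client address, so any IP-based rate limit, allowlist or audit log entry would be attributed to the wrong host.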
Why is it safe by default?
Alongside ease of use, security is a major focus of OrcaCD. Here are some of the measures we have taken to achieve this:
- All sensitive data is stored encrypted in the database using a modern encryption algorithm (AEGIS-256).
- Messages between the Hub and the Agents are encrypted with the same algorithm. The key is computed using the quantum-resistant ML-KEM algorithm in combination with X25519.
- We take all security issues seriously. You can find our security policy here.