Skip to main content

Your Data Stays on Your Infrastructure

Qovery is designed so your data always stays within your own infrastructure. This core design principle ensures maximum security and control.
Qovery operates as a control plane that only transfers metadata using gRPC or TLS. All your application data, databases, and workloads remain exclusively within your cloud infrastructure.

Security Architecture

Your Infrastructure Not Exposed

Your infrastructure is never exposed. Qovery control plane only receives metadata via encrypted gRPC or TLS.

Data On Your Infrastructure

All data stays within your cloud account. Qovery never stores or processes your application data.

Processes On Your Infrastructure

All application processes run on your Kubernetes clusters. Qovery only manages orchestration.

Pen-Tested Regularly

Security is tested regularly by independent security agencies.

How It Works

For Managed Clusters, Qovery manages the engine infrastructure:Key Principles:
  • Control Plane Separation - Qovery’s control plane is separate from your data plane
  • Metadata Only - Only configuration and status metadata transits to Qovery
  • Encrypted Communication - All communication uses gRPC over TLS
  • Your Cloud Account - All resources provisioned in your cloud account

Encryption

Qovery implements comprehensive encryption strategies to protect your data throughout its lifecycle, from transmission to storage.
Qovery ensures all communications are encrypted using industry-standard protocols.

Qovery Services

  • Qovery Client to Backend - HTTPS and WebSocket Secure enforced.
  • Qovery Backend to Backend - HTTPS or gRPC with TLS
  • Documentation and public website - Served over HTTPS
  • TLS 1.2 - On all endpoints, all rated A+ by Qualys’ SSL Labs tools

Customer Application Encryption

Your applications deployed on Qovery benefit from automatic HTTPS protection:
  • Automatic SSL/TLS Certificates - Powered by Let’s Encrypt
  • Free, auto-renewed certificates - No additional cost, automatically renewed before expiration
  • Custom TLS Certificates - Available for enterprise users
  • Secure by default - All your public endpoints are covered by default
Internal traffic never leaves your cloud provider’s network, adding an extra layer of security through network isolation.
Application data receives protection through encrypted storage mechanisms across all supported cloud providers.

Storage Encryption

Qovery predominantly utilizes AES-256 block cipher encryption for data at rest:
  • Volume Encryption - All persistent volumes encrypted
  • Database Encryption - Managed database encryption enabled by default
  • Snapshot Encryption - Backups and snapshots encrypted
  • Log Storage - Application and infrastructure logs encrypted

Encryption Coverage

ComponentEncryption MethodKey Management
Application VolumesAES-256Cloud provider KMS
Database StorageAES-256Cloud provider KMS
Backups/SnapshotsAES-256Cloud provider KMS
S3/Object StorageAES-256Cloud provider KMS
Container RegistryAES-256Cloud provider KMS
LogsAES-256Cloud provider KMS
AES-256 is the industry standard for data encryption, recommended by NIST, ANSSI, and BSI.
Sensitive information receives enhanced protection using salted AES-256 encryption methods.

What Qualifies as a Secret?

  • Environment Variables marked as “Secret”
  • API Keys and Tokens incl. GitHub access tokens.
  • Cloud Service Provider credentials
  • TLS/SSL Private Keys
  • OAuth Client Secrets
  • Encryption Keys
  • Service Account Credentials

Secret Encryption Details

Encryption Method:
  • Algorithm: AES-256
  • Key derivation: PBKDF2
  • Salt: Unique per customer
  • Storage: Encrypted in Qovery database
Access Control:
  • Secrets encrypted at rest in Qovery’s infrastructure
  • Decrypted only when required
  • Transmitted over encrypted channels only

Secret Injection

Secrets are securely injected into your applications:
  1. At Build Time (if needed)
    • Only the secrets specified
    • Used by disposable, transient build node
    • Available as environment variables during build
    • Not stored in container image
  2. At Runtime
    • Decrypted and injected as environment variables
    • Available only to the specific container
    • Stored in container memory only (not on disk)
Different cloud providers offer varying levels of encryption capabilities:
Encryption Features:
  • EBS volumes are encrypted with AWS KMS
  • RDS databases and snapshots are encrypted at rest with KMS
  • S3 bucket for VPC flow logs use server-side encryption (SSE-S3 or SSE-KMS)

Backup and Restore

Backups and restore are frequently a nightmare to setup, especially for databases. Qovery helps you get this part always automatically managed by the Cloud provider.
Container applications maintain rollback capabilities through container image retention:
  • All successfully built container images are retained
  • Images are stored in your container registry
  • Previous versions remain available for rollback
  • No data loss when rolling back to earlier versions
How it works:
  1. Every successful build creates a new container image
  2. Image is tagged with a unique identifier (commit SHA, build ID)
  3. Image is pushed to your container registry
  4. Previous images remain available for rollback
Container images act as snapshots of your application at specific points in time. You can roll back to any previous build instantly.
Managed databases have automatic daily backups managed by your cloud provider:
  • Automated daily backups - No manual configuration required
  • Point-in-time recovery - Restore to specific timestamps, when available
  • Encrypted backups - All backups encrypted at rest

Backup Retention

Default retention periods vary by cloud provider:
ProviderAutomated BackupsManual SnapshotsPoint-in-Time
AWS RDS7-35 daysIndefiniteLast 5 minutes
GCP Cloud SQL7-365 daysIndefiniteLast second
Azure Database7-35 daysIndefiniteLast 5 minutes
Scaleway7 daysIndefiniteNot available

PostgreSQL

Automated daily backups with point-in-time recovery

MySQL

Daily snapshots with configurable retention

MongoDB

Continuous backups with point-in-time restore

Redis

Daily snapshots of persistent data
This applies to cloud-provider-managed databases. Container-based databases are not recommended for production usage, and provide no automatic backup feature.
The Qovery configuration file resides in your Git repository with full version control.Restoration Methods:
  1. Go to your environment in the Qovery Console
  2. Find your application in the list of Services
  3. Select the version you want to restore using the Deploy another version button
  4. Click Deploy
This redeploys the exact container image from the previous build - no rebuild required!
Best Practices:
  • Test rollbacks in staging before production
  • Review configuration changes before rolling back
  • Communicate with your team before rollback
  • Monitor after rollback to ensure stability
Database restoration is managed by your cloud provider and creates a new database instance.
1

Access Cloud Provider Console

Log into your cloud provider console (AWS, GCP, Azure, or Scaleway).
2

Navigate to Database Service

Find your managed database service:
  • AWS: RDS or DocumentDB
  • GCP: Cloud SQL or Firestore
  • Azure: Azure Database
  • Scaleway: Managed Databases
3

Select Restore Point

Choose your restoration method:Point-in-Time Recovery (PITR):
  • Restore to any time within retention period
  • Most accurate recovery method
  • No data loss up to the specific second
Snapshot Restore:
  • Restore from daily automated snapshots
  • Faster than PITR
  • Some data loss possible (data since last snapshot)
4

Create New Database Instance

Cloud providers create a new database instance from the backup:
  1. Configure instance settings
  2. Choose VPC and security groups
  3. Wait for restoration to complete (5-30 minutes)
5

Update Application Configuration

Update your application to point to the new database:
  1. In Qovery Console, go to your application
  2. Update environment variables with new database endpoint
  3. Redeploy your application
6

Verify and Cleanup

  1. Verify data integrity in restored database
  2. Test application connectivity
  3. Delete old database instance if no longer needed
Database restores create a new instance. Your application will need to be reconfigured to use the restored database endpoint.

Cloud Provider Documentation

https://mintcdn.com/qovery/bC94RbU5OE288_w9/images/logos/cloud-providers/aws-icon.svg?fit=max&auto=format&n=bC94RbU5OE288_w9&q=85&s=39fdefda6b2a184faa10bc1d85b46f7d

AWS RDS Restore

Amazon RDS backup and restore guide
https://mintcdn.com/qovery/bC94RbU5OE288_w9/images/logos/cloud-providers/gcp-icon.svg?fit=max&auto=format&n=bC94RbU5OE288_w9&q=85&s=193518027f66a4ac6a82d008c61b3c5d

GCP Cloud SQL Restore

Google Cloud SQL restore documentation
https://mintcdn.com/qovery/bC94RbU5OE288_w9/images/logos/cloud-providers/azure-icon.svg?fit=max&auto=format&n=bC94RbU5OE288_w9&q=85&s=e01d2f798fbdc429f1f4d013772a8be2

Azure Database Restore

Azure Database backup and restore
https://mintcdn.com/qovery/bC94RbU5OE288_w9/images/logos/cloud-providers/scaleway-icon.svg?fit=max&auto=format&n=bC94RbU5OE288_w9&q=85&s=9e27c1725260aba1a6fbfcaa78b63370

Scaleway Kapsule

Scaleway managed database backups

Recovery Time Objectives (RTO)

Typical recovery times for Qovery-managed services:
ComponentRTONotes
Application< 5 minutesRedeploy previous container image
Database (Snapshot)15-30 minutesCreate new instance from snapshot
Database (PITR)30-60 minutesRestore to specific point in time
Configuration< 5 minutesRoll back Git configuration
Full Cluster2-4 hoursRebuild cluster from scratch

Best Practices

  • Test restore procedures regularly - Schedule quarterly restore drills
  • Implement multi-region redundancy - Deploy critical applications across regions
  • Monitor backup health - Set up alerts for failed backups
  • Maintain documentation - Keep runbooks updated with restore procedures
  • Consider compliance - Ensure backup retention meets regulatory requirements

Compliance Certifications

Qovery adheres to applicable cybersecurity regulations and holds certifications for relevant security frameworks, including:

SOC 2 Type II

Security controls audited annually

GDPR

European data protection laws

HIPAA

US Healthcare data protection laws

DORA

Digital resilience compliance

Security Best Practices

Never hardcode secrets in code. Use Qovery secret manager or external providers like Doppler, AWS Secrets Manager, or HashiCorp Vault.
Always use HTTPS for public applications. Qovery provides automatic SSL certificates via Let’s Encrypt.
Grant minimum required permissions to users and service accounts using RBAC.
Require MFA for all team members to protect against compromised credentials.
Regularly test restore procedures to ensure backups work when needed.
Set up alerts for suspicious activities and review audit logs regularly.

Access Control

Authentication: Access to the Qovery service requires the use of an external identity provider, and relies on an industry-standard solution to offer state-of-the-art authentication security.
  • SSO via SAML 2.0 or OIDC
  • OAuth 2.0 “Social Login” providers: Google, GitHub, GitLab, BitBucket, Microsoft
Authorization:
  • Role-based access control (RBAC) system
  • Predefined roles: Owner, Admin, Developer, Viewer
  • Custom roles to manage scope of access (clusters, environments)
  • Organization, project, and environment-level permissions
Configure organization access →

Audit Logging

All actions in Qovery are logged for security and compliance:
  • User authentication and authorization
  • Resource creation, modification, deletion
  • Configuration changes
  • Deployment activities
  • API access
Audit logs are immutable, and can be exported as JSON files. Logs retention duration depends on your plan. Custom settings possible. View audit logs documentation →

Security Incident Response

For security issues or vulnerabilities:

Learn More

Audit Logs

Track all changes and actions in your organization

SOC 2 Compliance

SOC 2 Type II certification details

GDPR Compliance

Data protection and privacy

Database Configuration

Configure database settings and backups