# Security Overview

> How Qovery keeps your data secure

## Your Data Stays on Your Infrastructure

**Qovery is designed so your data always stays within your own infrastructure.** This design principle is what keeps control of your data, and of the infrastructure that holds it, in your hands.

<Info>
  Qovery operates as a control plane that exchanges only metadata with your infrastructure, over gRPC or HTTPS secured with TLS. All your application data, databases, and workloads remain exclusively within your cloud infrastructure.
</Info>

## Security Architecture

<CardGroup cols={2}>
  <Card title="Your Infrastructure Not Exposed" icon="shield">
    Your infrastructure is never exposed. The Qovery control plane receives only metadata, over TLS-encrypted gRPC or HTTPS.
  </Card>

  <Card title="Data On Your Infrastructure" icon="server">
    All data stays within your cloud account. Qovery never stores or processes your application data.
  </Card>

  <Card title="Processes On Your Infrastructure" icon="microchip">
    All application processes run on your Kubernetes clusters. Qovery only manages orchestration.
  </Card>

  <Card title="Pen-Tested Regularly" icon="bug">
    Security is tested regularly by independent security agencies.
  </Card>
</CardGroup>

## How It Works

<Tabs>
  <Tab title="Managed Clusters">
    For Managed Clusters, Qovery manages the engine infrastructure:

    ```mermaid theme={null}
    graph TB
        Control[Qovery Control Plane<br/>metadata only via gRPC/TLS]
        Engine[Qovery Engine<br/>Managed by Qovery]

        subgraph Your Infrastructure
            K8s[Kubernetes]
            AWS[AWS / GCP / Azure / Scaleway]

            K8s -->|Runs On| AWS
        end

        Control -.->|Metadata Only<br/>gRPC/TLS| Engine
        Engine -->|Manages| K8s

        style Control fill:#642DFF,color:#fff
        style Engine fill:#7D55FF,color:#fff
        style K8s fill:#326CE5,color:#fff
        style AWS fill:#FF9900,color:#000
    ```

    **Key Principles**:

    * **Control Plane Separation** - Qovery's control plane is separate from your data plane
    * **Metadata Only** - Only configuration and status metadata transits to Qovery
    * **Encrypted Communication** - All communication uses gRPC over TLS
    * **Your Cloud Account** - All resources provisioned in your cloud account
  </Tab>

  <Tab title="BYOK Clusters">
    For BYOK (Bring Your Own Kubernetes), the engine runs in your infrastructure:

    ```mermaid theme={null}
    graph TB
        Control[Qovery Control Plane<br/>metadata only via gRPC/TLS]

        subgraph Your Infrastructure
            Engine[Qovery Engine]
            K8s[Kubernetes]
            AWS[Any Cloud Provider]

            Engine -->|Manages| K8s
            K8s -->|Runs On| AWS
        end

        Control -.->|Metadata Only<br/>gRPC/TLS| Engine

        style Control fill:#642DFF,color:#fff
        style Engine fill:#7D55FF,color:#fff
        style K8s fill:#326CE5,color:#fff
        style AWS fill:#FF9900,color:#000
    ```

    **Key Principles**:

    * **Full Control** - Engine runs entirely within your infrastructure
    * **Metadata Only** - Only configuration and status metadata transits to Qovery
    * **Encrypted Communication** - All communication uses gRPC over TLS
    * **Your Cloud Account** - All resources provisioned in your cloud account
  </Tab>
</Tabs>

***

## Encryption

Qovery encrypts your data throughout its lifecycle, both in transit and at rest.

<AccordionGroup>
  <Accordion title="Data in Transit" icon="network-wired">
    Qovery ensures all communications are encrypted using industry-standard protocols.

    ### Qovery Services

    * **Qovery Client to Backend** - HTTPS and WebSocket Secure enforced
    * **Qovery Backend to Backend** - HTTPS or gRPC over TLS
    * **Documentation and public website** - Served over HTTPS
    * **TLS 1.2** - Enforced on all endpoints, each rated A+ by [Qualys' SSL Labs tools](https://www.ssllabs.com/ssltest/)

    ### Customer Application Encryption

    Your applications deployed on Qovery benefit from automatic HTTPS protection:

    * **Automatic SSL/TLS Certificates** - Powered by [Let's Encrypt](https://letsencrypt.org/)
    * **Free, auto-renewed certificates** - No additional cost, automatically renewed before expiration
    * **Custom TLS Certificates** - [Available](/configuration/clusters#custom-domain-and-wildcard-tls-beta) for enterprise users
    * **Secure by default** - All your public endpoints are covered by default

    <Tip>
      Internal traffic never leaves your cloud provider's network, adding an extra layer of security through network isolation.
    </Tip>
  </Accordion>

  <Accordion title="Data at Rest" icon="hard-drive">
    Application data is protected by encrypted storage on all supported cloud providers.

    ### Storage Encryption

    Qovery relies on **AES-256** encryption for data at rest:

    * **Volume Encryption** - All persistent volumes encrypted
    * **Database Encryption** - Managed database encryption enabled by default
    * **Snapshot Encryption** - Backups and snapshots encrypted
    * **Log Storage** - Application and infrastructure logs encrypted

    ### Encryption Coverage

    | Component               | Encryption Method | Key Management     |
    | ----------------------- | ----------------- | ------------------ |
    | **Application Volumes** | AES-256           | Cloud provider KMS |
    | **Database Storage**    | AES-256           | Cloud provider KMS |
    | **Backups/Snapshots**   | AES-256           | Cloud provider KMS |
    | **S3/Object Storage**   | AES-256           | Cloud provider KMS |
    | **Container Registry**  | AES-256           | Cloud provider KMS |
    | **Logs**                | AES-256           | Cloud provider KMS |

    <Info>
      AES-256 is the industry standard for data encryption, recommended by NIST, ANSSI, and BSI.
    </Info>
  </Accordion>

  <Accordion title="Secrets Management" icon="key">
    Secrets are encrypted with **AES-256**, using a key derived with PBKDF2 and a salt that is unique to each customer.

    ### What Qualifies as a Secret?

    * **Environment Variables** marked as "Secret"
    * **API Keys and Tokens**, including GitHub access tokens
    * **Cloud Service Provider credentials**
    * **TLS/SSL Private Keys**
    * **OAuth Client Secrets**
    * **Encryption Keys**
    * **Service Account Credentials**

    ### Secret Encryption Details

    **Encryption Method:**

    * Algorithm: **AES-256**
    * Key derivation: **PBKDF2**
    * Salt: Unique per customer
    * Storage: Encrypted in Qovery database

    **Access Control:**

    * Secrets encrypted at rest in Qovery's infrastructure
    * Decrypted only when required
    * Transmitted over encrypted channels only
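    The scheme described above (AES-256, a PBKDF2-derived key, a salt unique to each customer), worked through as an added example in Go; this is illustrative code written for this page, not Qovery's implementation. It assumes AES-256-GCM as the cipher mode, 100_000 PBKDF2 iterations, a single platform master secret, and the binding of each ciphertext to its owner and variable name through GCM's additional authenticated data; none of these details are stated on the page. It implements PBKDF2 itself so that only the Go standard library is needed.

    ```go
    package main

    import (
    	"crypto/aes"
    	"crypto/cipher"
    	"crypto/hmac"
    	"crypto/rand"
    	"crypto/sha256"
    	"crypto/subtle"
    	"errors"
    )

    // pbkdf2Key computes one block of PBKDF2-HMAC-SHA256 (RFC 8018), T1 = U1 xor U2 xor ... xor Uc.
    // One 32-byte block already matches the AES-256 key size, so no further blocks are needed.
    func pbkdf2Key(password, salt []byte, iterations int) []byte {
    	prf := hmac.New(sha256.New, password)
    	prf.Write(salt)
    	prf.Write([]byte{0, 0, 0, 1}) // INT(1): block index, big-endian
    	u := prf.Sum(nil)
    	t := append([]byte(nil), u...)
    	for i := 1; i < iterations; i++ {
    		prf.Reset()
    		prf.Write(u)
    		u = prf.Sum(nil)
    		subtle.XORBytes(t, t, u)
    	}
    	return t
    }

    // deriveCustomerKey stretches the platform master secret with the customer's unique salt into a
    // 256-bit AES key, so no two customers share a key. 100_000 iterations is illustrative, not Qovery's value.
    func deriveCustomerKey(master, customerSalt []byte) []byte {
    	return pbkdf2Key(master, customerSalt, 100_000)
    }

    // customerAEAD wraps the derived key in AES-256-GCM (the mode is assumed; the page says only AES-256).
    func customerAEAD(master, customerSalt []byte) (cipher.AEAD, error) {
    	block, err := aes.NewCipher(deriveCustomerKey(master, customerSalt))
    	if err != nil {
    		return nil, err
    	}
    	return cipher.NewGCM(block)
    }

    // sealSecret encrypts one secret value. aad binds the ciphertext to the secret's owner and name,
    // so a ciphertext copied into another row of the secrets table fails to open.
    func sealSecret(gcm cipher.AEAD, plaintext, aad []byte) ([]byte, error) {
    	nonce := make([]byte, gcm.NonceSize())
    	if _, err := rand.Read(nonce); err != nil {
    		return nil, err
    	}
    	return gcm.Seal(nonce, nonce, plaintext, aad), nil // nonce || ciphertext || tag
    }

    // openSecret reverses sealSecret; a wrong key, wrong aad or altered byte yields an error, never garbage.
    func openSecret(gcm cipher.AEAD, sealed, aad []byte) ([]byte, error) {
    	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
    		return nil, errors.New("sealed secret too short")
    	}
    	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
    }
    ```

    Because the key depends on the per-customer salt, a ciphertext sealed for one customer cannot be opened with another customer's derived key even though both derive from the same master secret.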

    ### Secret Injection

    Secrets are securely injected into your applications:

    1. **At Build Time** (if needed)
       * Only the secrets you specify are exposed to the build
       * Used by a disposable, transient build node
       * Available as environment variables during the build
       * Never stored in the container image

    2. **At Runtime**
       * Decrypted and injected as environment variables
       * Available only to the specific container
       * Stored in container memory only (not on disk)
  </Accordion>

  <Accordion title="Encryption by Cloud Provider" icon="cloud">
    Different cloud providers offer varying levels of encryption capabilities:

    <Tabs>
      <Tab title="AWS">
        **Encryption Features:**

        * EBS volumes are encrypted with AWS KMS
        * RDS databases and snapshots are encrypted at rest with KMS
        * The S3 bucket for VPC flow logs uses server-side encryption (SSE-S3 or SSE-KMS)
      </Tab>

      <Tab title="GCP">
        **Encryption Features:**

        * All data at rest is encrypted by default with 256-bit AES-GCM
        * See [Google Cloud's Documentation →](https://docs.cloud.google.com/docs/security/encryption/default-encryption)
      </Tab>

      <Tab title="Azure">
        **Encryption Features:**

        * Server-side encryption of disk storage using AES-256
        * See [Azure's Documentation →](https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption)
      </Tab>
    </Tabs>
  </Accordion>
</AccordionGroup>

***

## Backup and Restore

Backup and restore are frequently a nightmare to set up, especially for databases. With Qovery, this part is **always managed automatically by the cloud provider**.

<AccordionGroup>
  <Accordion title="Application Rollback" icon="container-storage">
    Container applications maintain rollback capabilities through **container image retention**:

    * All successfully built container images are retained
    * Images are stored in your container registry
    * Previous versions remain available for rollback
    * No data loss when rolling back to earlier versions

    **How it works:**

    1. Every successful build creates a new container image
    2. The image is tagged with a unique identifier (commit SHA or build ID)
    3. The image is pushed to your container registry
    4. Previous images remain available for rollback

    <Tip>
      Container images act as snapshots of your application at specific points in time. You can roll back to any previous build instantly.
    </Tip>
  </Accordion>

  <Accordion title="Database Backups" icon="database">
    Managed databases get automatic daily backups, handled by your cloud provider:

    * **Automated daily backups** - No manual configuration required
    * **Point-in-time recovery** - Restore to specific timestamps, when available
    * **Encrypted backups** - All backups encrypted at rest

    ### Backup Retention

    Default retention periods vary by cloud provider:

    | Provider           | Automated Backups | Manual Snapshots | Point-in-Time  |
    | ------------------ | ----------------- | ---------------- | -------------- |
    | **AWS RDS**        | 7-35 days         | Indefinite       | Last 5 minutes |
    | **GCP Cloud SQL**  | 7-365 days        | Indefinite       | Last second    |
    | **Azure Database** | 7-35 days         | Indefinite       | Last 5 minutes |
    | **Scaleway**       | 7 days            | Indefinite       | Not available  |

    <CardGroup cols={2}>
      <Card title="PostgreSQL" icon="database" href="/configuration/database">
        Automated daily backups with point-in-time recovery
      </Card>

      <Card title="MySQL" icon="database" href="/configuration/database">
        Daily snapshots with configurable retention
      </Card>

      <Card title="MongoDB" icon="database" href="/configuration/database">
        Continuous backups with point-in-time restore
      </Card>

      <Card title="Redis" icon="database" href="/configuration/database">
        Daily snapshots of persistent data
      </Card>
    </CardGroup>

    <Tip>
      This applies to cloud-provider-managed databases. Container-based databases are not recommended for production use and provide no automatic backup feature.
    </Tip>
  </Accordion>

  <Accordion title="Application Restore" icon="rotate-left">
    The Qovery configuration file resides in your Git repository with full version control.

    **Restoration Methods:**

    <Tabs>
      <Tab title="Via Qovery Console">
        1. Go to your environment in the Qovery Console
        2. Find your application in the list of **Services**
        3. Select the version you want to restore using the **Deploy another version** button
        4. Click **Deploy**

        <Info>
          This redeploys the exact container image from the previous build - no rebuild required!
        </Info>
      </Tab>

      <Tab title="Via Git Rollback">
        1. Identify the commit you want to roll back to:
           ```bash theme={null}
           git log --oneline
           ```

        2. Revert to that commit:
           ```bash theme={null}
           # Option 1: Revert specific commit (creates new commit)
           git revert <commit-hash>

           # Option 2: Reset to specific commit (rewrites history)
           git reset --hard <commit-hash>
           git push --force
           ```

        3. Qovery automatically detects the change and redeploys

        <Warning>
          When you roll back a commit that contains a Qovery configuration change, make sure it contains no other changes, to avoid unwanted behavior.
        </Warning>
      </Tab>

      <Tab title="Via CLI">
        Use the Qovery CLI to redeploy a specific version:

        ```bash theme={null}
        # Redeploy specific version
        qovery application deploy -n <app-name> -c <commit-id>
        ```
      </Tab>
    </Tabs>

    **Best Practices:**

    * Test rollbacks in staging before production
    * Review configuration changes before rolling back
    * Communicate with your team before rollback
    * Monitor after rollback to ensure stability
  </Accordion>

  <Accordion title="Database Restore" icon="database">
    Database restoration is managed by your cloud provider and creates a new database instance.

    <Steps>
      <Step title="Access Cloud Provider Console">
        Log into your cloud provider console (AWS, GCP, Azure, or Scaleway).
      </Step>

      <Step title="Navigate to Database Service">
        Find your managed database service:

        * **AWS**: RDS or DocumentDB
        * **GCP**: Cloud SQL or Firestore
        * **Azure**: Azure Database
        * **Scaleway**: Managed Databases
      </Step>

      <Step title="Select Restore Point">
        Choose your restoration method:

        **Point-in-Time Recovery (PITR):**

        * Restore to any time within retention period
        * Most accurate recovery method
        * No data loss up to the chosen second

        **Snapshot Restore:**

        * Restore from daily automated snapshots
        * Faster than PITR
        * Some data loss possible (data since last snapshot)
      </Step>

      <Step title="Create New Database Instance">
        Cloud providers create a new database instance from the backup:

        1. Configure instance settings
        2. Choose VPC and security groups
        3. Wait for restoration to complete (5-30 minutes)
      </Step>

      <Step title="Update Application Configuration">
        Update your application to point to the new database:

        1. In Qovery Console, go to your application
        2. Update environment variables with new database endpoint
        3. Redeploy your application
      </Step>

      <Step title="Verify and Cleanup">
        1. Verify data integrity in restored database
        2. Test application connectivity
        3. Delete old database instance if no longer needed
      </Step>
    </Steps>

    <Warning>
      Database restores create a **new instance**. Your application will need to be reconfigured to use the restored database endpoint.
    </Warning>

    ### Cloud Provider Documentation

    <CardGroup cols={2}>
      <Card title="AWS RDS Restore" icon="https://mintcdn.com/qovery/Nvnl0g5BHzA0XQmy/images/logos/cloud-providers/aws-icon.svg?fit=max&auto=format&n=Nvnl0g5BHzA0XQmy&q=85&s=12ef689645255696bfa4054d6e3aeaff" href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_CommonTasks.BackupRestore.html" width="24" height="24" data-path="images/logos/cloud-providers/aws-icon.svg">
        Amazon RDS backup and restore guide
      </Card>

      <Card title="GCP Cloud SQL Restore" icon="https://mintcdn.com/qovery/Nvnl0g5BHzA0XQmy/images/logos/cloud-providers/gcp-icon.svg?fit=max&auto=format&n=Nvnl0g5BHzA0XQmy&q=85&s=e38f243f4f39d204ebc65102ab2a7e3c" href="https://cloud.google.com/sql/docs/mysql/backup-recovery/restoring" width="24" height="24" data-path="images/logos/cloud-providers/gcp-icon.svg">
        Google Cloud SQL restore documentation
      </Card>

      <Card title="Azure Database Restore" icon="https://mintcdn.com/qovery/Nvnl0g5BHzA0XQmy/images/logos/cloud-providers/azure-icon.svg?fit=max&auto=format&n=Nvnl0g5BHzA0XQmy&q=85&s=0d214ad250aa99938f4f1796bb506fb9" href="https://docs.microsoft.com/en-us/azure/mysql/concepts-backup" width="24" height="24" data-path="images/logos/cloud-providers/azure-icon.svg">
        Azure Database backup and restore
      </Card>

      <Card title="Scaleway Kapsule" icon="https://mintcdn.com/qovery/Nvnl0g5BHzA0XQmy/images/logos/cloud-providers/scaleway-icon.svg?fit=max&auto=format&n=Nvnl0g5BHzA0XQmy&q=85&s=98d01c5b36e963048f139a17f6ff72a8" href="https://www.scaleway.com/en/docs/managed-databases/postgresql-and-mysql/how-to/restore-a-backup/" width="24" height="24" data-path="images/logos/cloud-providers/scaleway-icon.svg">
        Scaleway managed database backups
      </Card>
    </CardGroup>
  </Accordion>

  <Accordion title="Disaster Recovery Planning" icon="shield-halved">
    ### Recovery Time Objectives (RTO)

    Typical recovery times for Qovery-managed services:

    | Component               | RTO           | Notes                             |
    | ----------------------- | ------------- | --------------------------------- |
    | **Application**         | \< 5 minutes  | Redeploy previous container image |
    | **Database (Snapshot)** | 15-30 minutes | Create new instance from snapshot |
    | **Database (PITR)**     | 30-60 minutes | Restore to specific point in time |
    | **Configuration**       | \< 5 minutes  | Roll back Git configuration       |
    | **Full Cluster**        | 2-4 hours     | Rebuild cluster from scratch      |

    ### Best Practices

    * **Test restore procedures regularly** - Schedule quarterly restore drills
    * **Implement multi-region redundancy** - Deploy critical applications across regions
    * **Monitor backup health** - Set up alerts for failed backups
    * **Maintain documentation** - Keep runbooks updated with restore procedures
    * **Consider compliance** - Ensure backup retention meets regulatory requirements

    For a comprehensive guide on building a DR strategy with Qovery (cross-AZ, cross-region, cross-cloud, GitOps, database replication, failover orchestration, and testing), see the [Disaster Recovery Best Practices Guide](/configuration/disaster-recovery).
  </Accordion>
</AccordionGroup>

***

## Compliance Certifications

Qovery adheres to applicable cybersecurity regulations and holds certifications for relevant security frameworks, including:

<CardGroup cols={3}>
  <Card title="SOC 2 Type II" icon="shield-check" href="/getting-started/security-and-compliance/soc2">
    Security controls audited annually
  </Card>

  <Card title="GDPR" icon="gavel" href="/getting-started/security-and-compliance/gdpr">
    European data protection laws
  </Card>

  <Card title="HIPAA" icon="hospital" href="/getting-started/security-and-compliance/hipaa">
    US Healthcare data protection laws
  </Card>

  <Card title="DORA" icon="landmark" href="/getting-started/security-and-compliance/dora">
    Digital resilience compliance
  </Card>
</CardGroup>

***

## Security Best Practices

<AccordionGroup>
  <Accordion title="Use secret management">
    Never hardcode secrets in code. Use Qovery secret manager or external providers like Doppler, AWS Secrets Manager, or HashiCorp Vault.
  </Accordion>

  <Accordion title="Enable HTTPS everywhere">
    Always use HTTPS for public applications. Qovery provides automatic SSL certificates via Let's Encrypt.
  </Accordion>

  <Accordion title="Implement least privilege">
    Grant minimum required permissions to users and service accounts using RBAC.
  </Accordion>

  <Accordion title="Enable multi-factor authentication">
    Require MFA for all team members to protect against compromised credentials.
  </Accordion>

  <Accordion title="Test your backups regularly">
    Regularly test restore procedures to ensure backups work when needed.
  </Accordion>

  <Accordion title="Monitor security events">
    Set up alerts for suspicious activities and review audit logs regularly.
  </Accordion>
</AccordionGroup>

***

## Access Control

**Authentication**:
Access to the Qovery service requires an external identity provider, and authentication relies on an industry-standard solution to provide state-of-the-art security.

* SSO via SAML 2.0 or OIDC
* OAuth 2.0 "Social Login" providers: Google, GitHub, GitLab, BitBucket, Microsoft

**Authorization**:

* Role-based access control (RBAC) system
* Predefined roles: Owner, Admin, Developer, Viewer
* Custom roles to manage scope of access (clusters, environments)
* Organization, project, and environment-level permissions

[Configure organization access →](/configuration/organization/members-rbac)

***

## Audit Logging

All actions in Qovery are logged for security and compliance:

* User authentication and authorization
* Resource creation, modification, deletion
* Configuration changes
* Deployment activities
* API access

Audit logs are immutable and can be exported as JSON files.
Log retention depends on your plan; custom retention settings are possible.

[View audit logs documentation →](/security-and-compliance/audit-logs)

***

## Security Incident Response

For security issues or vulnerabilities:

* Email: **[security@qovery.com](mailto:security@qovery.com)**

***

## Learn More

<CardGroup cols={2}>
  <Card title="Audit Logs" icon="list" href="/getting-started/security-and-compliance/audit-logs">
    Track all changes and actions in your organization
  </Card>

  <Card title="SOC 2 Compliance" icon="shield-check" href="/getting-started/security-and-compliance/soc2">
    SOC 2 Type II certification details
  </Card>

  <Card title="GDPR Compliance" icon="gavel" href="/getting-started/security-and-compliance/gdpr">
    Data protection and privacy
  </Card>

  <Card title="Database Configuration" icon="database" href="/configuration/database">
    Configure database settings and backups
  </Card>
</CardGroup>
