# Security

Security best practices and configuration.
## Authentication Security

### Password Requirements

- Minimum 12 characters
- Mix of uppercase, lowercase, numbers, symbols
- No common passwords
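
The three requirements above can be enforced in one validation routine. The following is an added example, not Ops Atlas code; the small common-password list is constructed for illustration, and a real deployment would check against a full list of known-breached passwords. The "stem" check (letters only, lowercased) goes slightly beyond the bullet list so that trivial variants such as `Password123!` are still rejected as common.

```javascript
// Added example: enforce the password requirements from the list above.
// COMMON_PASSWORDS is a constructed sample list, not a real breach corpus.
const COMMON_PASSWORDS = new Set([
  "password", "123456", "qwerty", "letmein", "welcome", "admin",
  "password123", "iloveyou", "abc123", "monkey",
]);

// Returns { ok, failures } so a signup form can report every unmet rule at once.
function checkPassword(password) {
  const failures = [];
  if (password.length < 12) failures.push("shorter than 12 characters");
  if (!/[A-Z]/.test(password)) failures.push("missing uppercase letter");
  if (!/[a-z]/.test(password)) failures.push("missing lowercase letter");
  if (!/[0-9]/.test(password)) failures.push("missing digit");
  if (!/[^A-Za-z0-9]/.test(password)) failures.push("missing symbol");

  // Compare case-insensitively, and also on the letters-only "stem", so that
  // "Password123!" is caught even though it satisfies the complexity rules.
  const lower = password.toLowerCase();
  const stem = lower.replace(/[^a-z]/g, "");
  if (COMMON_PASSWORDS.has(lower) || (stem.length > 0 && COMMON_PASSWORDS.has(stem))) {
    failures.push("common password");
  }
  return { ok: failures.length === 0, failures };
}

// Usage: reject the password if ok is false and show the failures to the user.
console.log(checkPassword("Password123!"));
```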
### Two-Factor Authentication

Enable 2FA for all users:

```yaml
auth:
  require_2fa: true
  totp:
    issuer: "Ops Atlas"
```

## Network Security
### HTTPS Only

Always use HTTPS in production:

```yaml
server:
  force_https: true
  hsts:
    enabled: true
    max_age: 31536000
```

### Firewall Rules
Only expose necessary ports:

```bash
# Allow only HTTPS
ufw allow 443/tcp
ufw allow 22/tcp   # SSH
ufw deny 3000/tcp  # Block direct access
```

## Data Security
### Encryption at Rest

Database encryption:

```yaml
database:
  encryption:
    enabled: true
    key: ${ENCRYPTION_KEY}
```

### Secrets Management
Never store secrets in:
- Code repositories
- Docker images
- Log files
Use:
- Environment variables
- Secret managers (Vault, AWS Secrets Manager)
- Kubernetes secrets
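
A pre-commit or CI check is the usual way to keep secrets out of repositories and images. The scanner below is an added example, not part of Ops Atlas; its rules (a private-key header, an AWS access key id shape, and `password`/`secret`/`token`/`key` assignments) are a deliberately small set, and the sample configuration it scans is constructed. It deliberately allows `${VAR}` references, which is the pattern this page recommends for `key: ${ENCRYPTION_KEY}`.

```javascript
// Added example: flag likely hardcoded secrets in configuration text.
// The rules are illustrative; a production scanner carries far more patterns.
const RULES = [
  { name: "private key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { name: "aws access key id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  // group 1 = the key name, group 2 = the assigned value
  { name: "hardcoded credential",
    re: /\b(password|passwd|secret|token|api[_-]?key|key)\b\s*[:=]\s*["']?([^\s"']+)/i },
];

// Environment-variable references carry no secret material, so they pass.
const ENV_REFERENCE = /^\$\{?[A-Z_][A-Z0-9_]*\}?$/;

// Returns one finding per (line, rule) pair: { line, rule }.
function findSecrets(text) {
  const findings = [];
  text.split("\n").forEach((line, idx) => {
    for (const rule of RULES) {
      const m = rule.re.exec(line);
      if (!m) continue;
      const value = m[2] ?? m[0];
      if (ENV_REFERENCE.test(value)) continue;
      findings.push({ line: idx + 1, rule: rule.name });
    }
  });
  return findings;
}

// Constructed sample config: the AWS id and password are fake values.
const SAMPLE_CONFIG = [
  "database:",
  "  encryption:",
  "    enabled: true",
  "    key: ${ENCRYPTION_KEY}",              // line 4: env reference, allowed
  "smtp:",
  "  password: hunter2",                     // line 6: hardcoded credential
  "aws_access_key_id = AKIAEXAMPLE0000000AB", // line 7: AWS key id shape
  "-----BEGIN RSA PRIVATE KEY-----",         // line 8: key material
].join("\n");

function scanSampleConfig() {
  return findSecrets(SAMPLE_CONFIG);
}

// Usage: exit non-zero from CI when any finding is returned.
console.log(scanSampleConfig());
```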
## Audit Logging

Enable audit logs:

```yaml
audit:
  enabled: true
  log_level: info
  events:
    - login
    - logout
    - deployment
    - config_change
```

## Security Headers
Default security headers:

```
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'
```
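
To verify that a deployment actually sends these defaults, together with the `Strict-Transport-Security` header that the `hsts` setting under HTTPS Only implies, it helps to derive the expected header set from the configuration and compare it against a captured response. The code below is an added example, not Ops Atlas code: `buildSecurityHeaders` and `auditHeaders` are assumed helper names, the mapping of `hsts.max_age` onto `max-age=` is the standard HSTS syntax, and the sample response headers are constructed to show a misconfigured server.

```javascript
// Added example: derive the expected header set and audit a response against it.
const DEFAULT_HEADERS = {
  "X-Frame-Options": "DENY",
  "X-Content-Type-Options": "nosniff",
  "X-XSS-Protection": "1; mode=block",
  "Content-Security-Policy": "default-src 'self'",
};

// serverConfig mirrors the `server:` block shown under HTTPS Only.
function buildSecurityHeaders(serverConfig) {
  const headers = { ...DEFAULT_HEADERS };
  if (serverConfig.force_https && serverConfig.hsts && serverConfig.hsts.enabled) {
    headers["Strict-Transport-Security"] = `max-age=${serverConfig.hsts.max_age}`;
  }
  return headers;
}

// Header names are case-insensitive, so compare on lowercased names.
// Returns a list of human-readable findings; an empty list means compliant.
function auditHeaders(responseHeaders, expected) {
  const actual = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    actual[name.toLowerCase()] = value;
  }
  const findings = [];
  for (const [name, want] of Object.entries(expected)) {
    const got = actual[name.toLowerCase()];
    if (got === undefined) findings.push(`${name}: missing`);
    else if (got.trim() !== want) findings.push(`${name}: expected "${want}", got "${got}"`);
  }
  return findings;
}

// Constructed response from a server that sends only some of the defaults.
const SAMPLE_RESPONSE_HEADERS = {
  "content-type": "text/html; charset=utf-8",
  "x-frame-options": "SAMEORIGIN",
  "X-Content-Type-Options": "nosniff",
  "strict-transport-security": "max-age=31536000",
};

function auditSampleResponse() {
  const expected = buildSecurityHeaders({
    force_https: true,
    hsts: { enabled: true, max_age: 31536000 },
  });
  return auditHeaders(SAMPLE_RESPONSE_HEADERS, expected);
}

// Usage: feed the headers of a real response (e.g. from a fetch()) to auditHeaders.
console.log(auditSampleResponse());
```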
## Vulnerability Scanning

Regularly scan for vulnerabilities:

```bash
# Scan Docker image
trivy image opsatlas/ops-atlas:latest

# Scan dependencies
npm audit
mvn dependency-check:check
```

## Incident Response
If you discover a security vulnerability:

- Do not disclose publicly
- Email security@opsatlas.io
- We'll respond within 48 hours
- Coordinated disclosure after fix