Agent Security

Secure communication between servers and the Docka platform.

Token Authentication

  • Generation: 32 bytes from crypto/rand, Base64 URL encoded
  • Storage: SHA-256 hash only (plaintext never stored)
  • Validation: Constant-time comparison (timing attack prevention)
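
The three properties above in Go, as an added example that is not Docka's own code. The TokenStore type, the agent IDs, the unpadded Base64 URL variant and hashing the encoded string (rather than the raw bytes) are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// TokenStore is a hypothetical in-memory stand-in for the database:
// agent ID -> SHA-256 digest of the token. The plaintext is never kept.
type TokenStore map[string][sha256.Size]byte

// Issue creates a token for agentID, stores only its digest, and returns
// the plaintext once so it can be handed to the operator.
func (s TokenStore) Issue(agentID string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err // never fall back to a weaker random source
	}
	// Assumption: unpadded URL-safe alphabet, digest taken over the encoded string.
	token := base64.RawURLEncoding.EncodeToString(raw)
	s[agentID] = sha256.Sum256([]byte(token))
	return token, nil
}

// Verify hashes the presented token and compares digests in constant time.
// Unknown agents are compared against a zero digest so that path does the
// same work; the lookup result is checked last.
func (s TokenStore) Verify(agentID, presented string) bool {
	stored, known := s[agentID]
	got := sha256.Sum256([]byte(presented))
	match := subtle.ConstantTimeCompare(got[:], stored[:]) == 1
	return match && known
}

func main() {
	store := TokenStore{}
	token, err := store.Issue("agent-1") // constructed agent ID
	if err != nil {
		panic(err)
	}
	fmt.Println("token length:", len(token))
	fmt.Println("correct token:", store.Verify("agent-1", token))
	fmt.Println("wrong token:", store.Verify("agent-1", token+"x"))
	fmt.Println("unknown agent:", store.Verify("agent-2", token))
}
```

Because only the digest is stored, a lost token cannot be recovered from the database and has to be reissued.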

WebSocket Security

  • Origin validation against allowed list
  • Token verification on connection upgrade
  • Configurable via WS_ALLOWED_ORIGINS

SSH Host Verification (TOFU)

Trust On First Use pattern for SSH connections:

  1. First connection: Host key stored in database
  2. Subsequent connections: Verify against stored key
  3. Key mismatch: Connection rejected, alert raised

Agent Installation

# Secure installation with token
curl -fsSL https://get.docka.dev/agent | \
  sudo sh -s -- --token YOUR_AGENT_TOKEN