Security Best Practices

Recommendations for securing your Docka deployment.

Account Security

  1. Enable 2FA - Add two-factor authentication to your account
  2. Use Strong Passwords - Minimum 12 characters with mixed case, numbers, and symbols
  3. Review Sessions - Regularly check active sessions and revoke unknown ones

API Security

  1. Rotate API Keys - Regenerate keys periodically
  2. Use Scoped Keys - Create keys with minimal required permissions
  3. Secure Storage - Never commit API keys to version control

Server Security

  1. Use SSH Keys - Never use password authentication
  2. Keep Agents Updated - Auto-update is enabled by default
  3. Private Networks - Use a VPC for internal services
  4. Firewall Rules - Restrict access to necessary ports only

Database Security

  1. Private Networking - Never expose databases publicly
  2. Regular Backups - Enable automated daily backups
  3. Encryption - Use encrypted connections (SSL/TLS)

Secrets Management

  1. Store secrets in environment variables, not code
  2. Use the Secrets Vault for sensitive credentials
  3. Rotate secrets regularly
  4. Audit secret access logs