Security & Secret Management
At CredBrick, we take security seriously. Our comprehensive security measures ensure your data and credentials are protected at every layer of our infrastructure.
Environment Variables Management
All API keys are supplied as environment variables injected at Docker build time or at container start; none are hard-coded in source or in Dockerfiles, and the configuration files that carry them are listed in .gitignore. Values passed as Docker build arguments are recorded in the image's layer history, so build-time injection suits non-secret configuration, while secrets are better passed at container start or through BuildKit secret mounts.
Production Access Control
The host running the production build is IP-restricted and reachable only over SSH from allow-listed addresses.
Multi-Environment Configuration
Development and production builds are completely separate, with no shared variables, so nothing can leak from one environment into the other; each build loads only the configuration for the environment selected at build time.
IP-Based Database Access
Only specific machines/IP addresses are allowed to connect to the database, adding a network-level barrier against unauthorized access attempts on top of database credentials.
Version Control Security
We use GitHub for version control with alerts configured: if an environment variable value (a credential) is pushed in plaintext, an alert is issued immediately by email.
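A push-time alert from the hosting platform is the last line of defence; the same check run locally before a commit catches the credential before it ever reaches the remote. The Go program below is an added example, not CredBrick's own tooling, showing the two rules such a check typically combines: a fixed-format match for AWS access key IDs, and an entropy test on values assigned to secret-looking variable names, with placeholders such as ${VAR} or <paste-token-here> ignored. The sample input is constructed, and the regular expressions and the 3-bit-per-character entropy threshold are this example's choices, not anything the page describes.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Finding is one suspected plaintext credential and the 1-based line it sits on.
type Finding struct {
	Line int
	Kind string
	Text string
}

var (
	// AWS access key IDs: fixed prefix followed by 16 upper-case alphanumerics.
	awsKeyID = regexp.MustCompile(`\b(AKIA|ASIA)[0-9A-Z]{16}\b`)
	// A secret-looking variable name assigned a value of at least 12 characters.
	assignment = regexp.MustCompile(`(?i)\b([A-Z0-9_]*(SECRET|TOKEN|PASSWORD|API_KEY|PRIVATE_KEY)[A-Z0-9_]*)\s*[=:]\s*["']?([^"'\s]{12,})["']?`)
	// Values that are fine to commit: env-var references and obvious dummies.
	placeholder = regexp.MustCompile(`(?i)^(\$\{?[A-Z0-9_]+\}?|<[^>]+>|changeme|xxx+|\*{3,}|your[-_])`)
)

// shannonEntropy returns bits per character; real keys are typically above 3.
func shannonEntropy(s string) float64 {
	if s == "" {
		return 0
	}
	counts := map[rune]int{}
	for _, r := range s {
		counts[r]++
	}
	n := float64(len([]rune(s)))
	h := 0.0
	for _, c := range counts {
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// ScanText returns a finding for every line that looks like a committed credential.
func ScanText(src string) []Finding {
	var out []Finding
	for i, line := range strings.Split(src, "\n") {
		n := i + 1
		if m := awsKeyID.FindString(line); m != "" {
			out = append(out, Finding{n, "aws-access-key-id", m})
			continue
		}
		m := assignment.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		name, value := m[1], m[3]
		// Skip references to environment variables, placeholders and low-entropy dummies.
		if placeholder.MatchString(value) || shannonEntropy(value) < 3.0 {
			continue
		}
		out = append(out, Finding{n, "high-entropy-assignment", name})
	}
	return out
}

// sample is constructed file content standing in for a staged change;
// none of these values are real credentials (the AKIA value is AWS's documentation example).
const sample = `# constructed sample of staged file content, not a real repository
DB_PASSWORD=${DB_PASSWORD}
STRIPE_SECRET_KEY=sk_test_Ab12Cd34Ef56Gh78Ij90Kl12
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
API_TOKEN="<paste-token-here>"
SESSION_SECRET=aaaaaaaaaaaaaaaa`

func main() {
	for _, f := range ScanText(sample) {
		fmt.Printf("line %d: %s (%s)\n", f.Line, f.Kind, f.Text)
	}
}
```

Run against the constructed sample it reports only lines 3 and 4: the env-var reference on line 2, the angle-bracket placeholder on line 5 and the all-'a' dummy on line 6 are all skipped, which is the behaviour that keeps such a hook from blocking every commit that touches a config file.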
Role-Based Access Control (RBAC)
Only select users can view or edit environment variables; granular permissions ensure team members access only what they need.
AES-256 Encryption
All sensitive API keys that require stronger protection (payment-gateway keys, client secrets) are stored encrypted with AES-256 and decrypted only at the moment they are used in an API call. For this to be meaningful the cipher must run in an authenticated mode such as AES-256-GCM, and the encryption key must live outside the database that holds the ciphertexts (for example in an environment variable or a key-management service).
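The following Go program is an added example of that pattern, not CredBrick's own code: a payment-gateway key is sealed with AES-256-GCM before it is written to the database and opened only when the outbound API call needs it. The row identifier is passed as associated data so a ciphertext copied into another row will not decrypt, and any modification of the stored value is rejected by the GCM tag. The master key is derived from a constructed passphrase purely so the example runs offline; in a deployment it is assumed to come from an environment variable injected at deploy time or from a KMS, never from the same database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// masterKey returns the 32-byte AES-256 data-encryption key.
// Assumption: in production this comes from an environment variable or a KMS;
// here it is derived from a constructed passphrase so the example runs offline.
func masterKey() []byte {
	sum := sha256.Sum256([]byte("constructed-example-passphrase-not-for-production"))
	return sum[:]
}

// newGCM builds an AES-256-GCM AEAD, refusing anything but a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSecret seals an API key with AES-256-GCM and binds it to recordID as
// associated data. The result is base64(nonce || ciphertext || tag), suitable
// for a text column.
func EncryptSecret(key, plaintext []byte, recordID string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per encryption
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, []byte(recordID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptSecret reverses EncryptSecret. Call it immediately before the outbound
// API request and discard the plaintext afterwards. A modified stored value or
// a mismatched recordID makes gcm.Open fail its authentication check.
func DecryptSecret(key []byte, stored, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored value too short to be a valid ciphertext")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

// Tamper flips one bit of the stored value to simulate a modified database row.
func Tamper(stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil || len(raw) == 0 {
		return "", errors.New("nothing to tamper with")
	}
	raw[len(raw)-1] ^= 0x01
	return base64.StdEncoding.EncodeToString(raw), nil
}

func main() {
	key := masterKey()
	// Constructed sample value; not a real payment-gateway credential.
	stored, err := EncryptSecret(key, []byte("pg_live_constructed_example_key"), "merchant-42")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored in DB:", stored)

	pt, err := DecryptSecret(key, stored, "merchant-42")
	fmt.Printf("decrypted for the API call: %s (err=%v)\n", pt, err)

	_, err = DecryptSecret(key, stored, "merchant-43")
	fmt.Println("same ciphertext under another record id:", err)

	bad, _ := Tamper(stored)
	_, err = DecryptSecret(key, bad, "merchant-42")
	fmt.Println("tampered row:", err)
}
```

Because the nonce is random per call, encrypting the same key twice yields different stored values, and because the plaintext exists only between DecryptSecret and the API request, a database dump without the master key exposes nothing usable.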
Secure File Storage
Certificates, private keys, and other files required for third-party API access are stored in a private S3 bucket and can be read only with the bucket's access key ID and secret access key.
Additional Security Measures
Beyond our core security features, we implement multiple layers of protection to safeguard your business-critical data.
Secure Backups
All password backups, secret keys, and API keys are stored in Bitwarden, with RBAC controlling who can read them. All databases are backed up daily, and the backups are encrypted.
Compliant Hosting
We host on DigitalOcean, whose infrastructure is SOC 2, SOC 3, CSA, GDPR, and CBPR compliant, so your data is protected by enterprise-grade security standards.
Regular Security Audits
Our security practices are regularly reviewed and updated to address emerging threats and maintain the highest standards of data protection.
Incident Response
We maintain a comprehensive incident response plan to quickly address any security concerns and minimize potential impact on your operations.
Enterprise-Grade Infrastructure
Our infrastructure runs on DigitalOcean's SOC 2, SOC 3, CSA, GDPR, and CBPR compliant platform, so your data meets those security and compliance standards. Your information is stored within India and protected by industry-standard security controls.
Questions About Our Security?
Our team is here to address any security concerns or questions you may have.