Opsmate

Opsmate Security Overview

Opsmate understands the importance of your data. We make security a priority, and consider it in every decision we make. Read on for details, or contact us at security@opsmate.com.

Opsmate protects your data at rest

Opsmate encrypts all data, including metadata, using the industry-standard AES-256 before uploading it from your server. Unique AES keys (one for data and another for metadata) are generated for each backup, and are encrypted with your account's RSA public keys before being uploaded along with the backup. Only you, as the holder of your RSA private keys, can reverse this process and decrypt your data.

Additionally, all backups are signed with RSA to protect against tampering.

Opsmate follows best practices for all use of cryptography. For a detailed technical description, see the crypto details page.

You maintain full control over your private keys, and choose how they're managed.

Opsmate protects your data in transit

Opsmate requires HTTPS for our website, and our servers are configured to prefer strong, forward secrecy-preserving ciphers. We use HSTS to ensure browsers communicate with Opsmate only over HTTPS. We're included in Firefox and Chrome's HSTS preload list, and in the rulesets for HTTPS Everywhere.

All communication between the Opsmate client and the Opsmate servers is encrypted using TLS with strong, forward secrecy-preserving ciphers only. Although your data is encrypted with your personal encryption key before it is uploaded, it is encrypted again with the ephemeral TLS session key. This ensures that even if your key is compromised at a later date, it cannot be used to decrypt data that was sniffed while in transit.

The TLS connection between the Opsmate client and the Opsmate server is verified using an Opsmate-specific certificate authority which is bundled with the client. Using an Opsmate-specific certificate authority ensures that the Opsmate service remains secure even if the public certificate authority system is compromised.

Opsmate runs a secure infrastructure

Opsmate servers and development machines are secured to the highest degree possible. Servers run only stable operating systems with software that receives automatic nightly security updates. Public-facing services are kept to a minimum to reduce the attack surface.

Servers are configured using configuration management to ensure the uniformity of security-sensitive configuration. The configuration is frequently reviewed to ensure it's as secure as possible. Our configuration management repository is encrypted and signed to protect sensitive credentials and prevent unauthorized configuration changes.

All communication between servers, including database traffic, uses encrypted and authenticated VPNs. No sensitive communication ever leaves a server unencrypted.

All servers use encrypted swap to ensure sensitive memory cannot be recovered from disk. All systems used for development and administration use full-disk encryption to ensure the security of keys and credentials.

Opsmate protects your billing information

Opsmate does not store credit card details. We outsource our credit card processing to Stripe. Stripe complies with PCI standards in the storage and handling of credit card information. Credit card details are securely transmitted to Stripe directly from your web browser or the Opsmate client and never pass through our servers.

Opsmate protects your password

Account passwords are stored securely, according to industry-standard best practices, using a one-way key derivation algorithm (PBKDF2 with 25,000 rounds of HMAC-SHA256). It is impossible for Opsmate to reverse this process and discover your password. If you request a password reset, a temporary token will be randomly generated and emailed to you. Opsmate will never send your personal password in an email, nor will we ever ask you to email us your password.
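The sketch below is an added example, not Opsmate's code. It shows how a password record using the stated parameters (PBKDF2, 25,000 rounds of HMAC-SHA256) can be created and checked, plus a random reset token. The salt length, the record layout, the token length and storing only a digest of the token are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 25_000   # round count stated on this page
SALT_BYTES = 16       # assumption: the page does not state a salt length
TOKEN_BYTES = 32      # assumption: the page does not state a token length


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, hash_hex = record.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if algorithm != ALGORITHM or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was derived with fewer rounds than the current setting."""
    return int(record.split("$")[1]) < iterations


def new_reset_token() -> tuple[str, str]:
    """Return (token to email, SHA-256 digest to store); the token itself is not kept."""
    token = secrets.token_urlsafe(TOKEN_BYTES)
    return token, hashlib.sha256(token.encode("ascii")).hexdigest()


def check_reset_token(token: str, stored_digest: str) -> bool:
    """Compare a presented token against the stored digest in constant time."""
    digest = hashlib.sha256(token.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored_digest)
```

Because the record carries its own round count, older records can still be verified after the count is raised, and `needs_rehash` identifies the ones to upgrade at the next successful login.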

Opsmate delivers software securely

Opsmate's Debian and Ubuntu APT repository is signed with a 4096-bit PGP key (D128 3749 BA6F 070F 8169 99EC B250 8698 0CEE 9074) to protect against tampering. By default, apt-get and aptitude automatically verify signatures.

Our other packages are individually signed with a 4096-bit PGP key (2A83 8C48 2671 4892 01AB 54E6 8C6E 9C54 0AB7 054E), and are served over HTTPS.

Reporting a security issue

Opsmate investigates all reported security issues and credits security researchers who practice responsible disclosure. If you believe you've found a security vulnerability in any aspect of Opsmate's services, please send an email to security@opsmate.com (optionally using our PGP key (B080 C8D9 9A1F ED91 8252 C785 407E CA74 D3AB 6E23)), with as much information as possible about the potential flaw. You will receive a response as soon as possible, usually within 24 hours. We request that you not publicly disclose the issue until it has been addressed by Opsmate.

PGP

Opsmate uses 4096-bit RSA PGP keys which are configured to prefer strong ciphers and hash algorithms. Opsmate's public keys are:

Have a question?

We would love to hear from you if you have any questions regarding our security practices. Please email us at security@opsmate.com.