We take the responsibility of securing passwords and other documentation very seriously. For our hosted environments, we follow industry-standard security recommendations like the following:
- Passwords are encrypted with AES 256-bit encryption and a unique key is generated for each password.
- Passwords are stored isolated from the token key that is used for decryption.
- For hosted Magic Cloud partners, passwords and all documentation data are stored in isolated containers.
- For hosted Magic Cloud partners, servers are protected with firewalls and advanced security measures to protect each application.
- In the case of self-hosted Hudu instances, your keys are never accessible to Hudu and remain under your control. Your passwords (encrypted or decrypted) are never sent to our servers.
- Decrypted password data is never saved to disk.
- In order to decrypt the data, attackers would have to go through a lengthy decryption process and have access to multiple parts of your application, making it extremely difficult to access confidential data.
- The entire application is only accessed over strong SSL encryption. We refuse connections that do not use encryption.
- You can control access to passwords via security groups.
- You can rollback and have access to passwords that have been changed.
- Password views are audited and added to a global activity trail, along with user information, IP address, date, time, and other information.