We utilize our own X.509 infrastructure. While it is used mainly internally, it is also used for licensed services provided via our non-public SaaS offerings and for authentication via mTLS.
If you are issued a client certificate, keeping it safe and available is your sole responsibility. Once it is issued, any sensitive content will be encrypted to your certificate.
Backend service authorization is entirely handled via short-lived mTLS.
We also offer our PKI solution as a licensed, self-hosted deployment.
All WAN communication is VPN-gated. This includes internal cross-DC communication and management access. However, the VPN is used and meant for connectivity only, not for authorization.
(Note: IPsec is only offered in cases of technical necessity, e.g. for customer hardware without WireGuard support.)
Our mail communication is always GPG-signed. We encourage you to encrypt any mail to us via GPG, and we strongly encourage you to maintain your own GPG keychain; we gladly support you in setting it up.
If you have a GPG keychain set up, sensitive content will be encrypted to your self-managed GPG keychain and not to your client certificate. It is your responsibility to maintain it.