Discord question
I wonder about cloud security, among others: what are the guarantees about encryption in transit / at rest, backups, resilience (HA)? Can I read a contract somewhere, stating that EdgeDB and AWS personnel can’t read my data (or explaining under which conditions)?
Reply
- Encryption: We implement encryption in transit for all internal and external traffic using TLS. For encryption at rest, the team is working on enabling data volume encryption by default, which should address concerns about data being encrypted while stored.
- Backups and Resilience (HA): High Availability is a feature that is planned to be rolled out soon. We are already running automated backups of databases on EdgeDB Cloud and will expose this to the user via the UI in an update shipping in the next two weeks.
- Data Access and Privacy: We do not store user secret keys. Additionally, internal database authentication data is encrypted in Vault and employee access to data, including database access, is controlled through policies and AWS Single Sign-On (SSO). We never look at customer data for any reason other than with explicit permission of that customer if it’s necessary to debug an issue.
- SOC 2: We are currently working towards SOC 2 compliance.
Please take a look at our Cloud Customer Terms and Conditions for the full terms of service agreement.
Research
- PlanetScale and Supabase both have “Security” pages that outline compliance reporting, application security, and other security concerns
- PlanetScale also has a “Security and Compliance” documentation page
- PlanetScale's privacy policy does not address data stored in the database
- Cockroach has a “Security Overview” page linked from the footer. This addresses some of these issues.
- Backups are generally handled in documentation