Security

Shoreline was built with the most secure companies in the world in mind. Security is a primary design objective for each element of the architecture. This focus on security also allowed us to earn our SOC2 Type 2 certification early in the company’s history.
All users must be identified and authenticated
  • Customers interact with Shoreline via GUI and CLI interfaces, which use Okta or another customer-provided SAML 1.1 or 2.0 provider for authentication.
  • The SAML provider stores all customer credentials; Shoreline does not store or manage customer authentication credentials.
  • Credentials required to call AWS or Kubernetes APIs, such as AWS roles and ssh config, never exit the customer environment.
Shoreline’s network and data are secure
  • Network connections are secured using SSL/TLS 1.3, ECDHE-SHA256 with 2048-bit RSA.
  • X.509 certificates are used for frontend-to-backend connections and agent-to-backend connections.
  • The OpenSSL library is used to encrypt all data in transit.
  • All customer data at rest is encrypted using AES-256 OFB with BYOK and key wrapping.
Rights are assigned by Kubernetes or Cloud IAM
  • Shoreline is installed without special privileges, and then inherits privileges through assigned roles.
  • No logins, passwords or keys are stored inside Shoreline.
All changes, activity, and repairs are audited
  • Shoreline creates audit records for all interactions, including who performed the action, at what time, on which resources, and whether the request succeeded or failed.
  • Credentials required to call AWS or Kubernetes APIs, such as AWS roles and ssh config, never exit the customer environment.
Shoreline’s backend runs as SaaS or in your AWS account
  • All standard Shoreline deployments use our secure SaaS architecture, while organizations that have specialized security requirements have the option to install the Shoreline backend within their own AWS account.