Security primer

This section aims to give you some reminders and ideas for best practices for having a tight system security wise.

Keep in mind that currently state of affairs is that there are a large number of international leagues with the only purpose of stealing your data, resources and/or money. They have automated tools for discovering any mistake you do, whereas you leave a system open, or publish inadvertently confidential data.

Do not take security for granted, if you do you are putting your data and assets at high risk.

Credential data in Taskforce.sh is encrypted according to latest cloud standards, as well as the data stored in the backups and persistent redis storage. Still it is important that you follow these steps in order to add another layer of security on top of your queues:

  • Avoid storing secret/confidential data on the jobs data at all cost.

  • If you really need to store secret data, always encrypt it using a private key that is not stored on the jobs data.

If you need to implement encryption is easier than you think, but it is also easy to implement it wrong, please read this article on how to do it the correct way: http://vancelucas.com/blog/stronger-encryption-and-decryption-in-node-js/

Last updated