Communication and storage
Replicated is designed to run behind a firewall or in an airgapped environment. To access the on-prem web console, we currently mandate that you either provide an SSL certificate or use our self-signed certificates. We also highly encourage our third-party vendors to always run behind either a provided SSL certificate or the Replicated-generated certificate.
When utilizing the non-airgapped Replicated solution, there is limited communication between the Replicated daemon and replicated.com servers. Only the Replicated installable software communicates with Replicated’s servers. All data is transmitted over SSL/TLS and encrypted end to end. These communications are enabled by your IT person in accordance with your firewall/proxy settings.
User passwords for the Replicated vendor portal are secured with bcrypt. User passwords are never stored in plaintext and never visible to Replicated’s staff.
Development processes
The major components of our developer infrastructure are only accessible through our VPN.
Where available, we mandate that all Replicated employees utilize 2FA for services that are not behind our VPN.
All production systems run on secured, hardened and patched operating systems.
In our build process, we utilize static code analysis to detect vulnerabilities. We run these tools against every build and do not promote a build unless we get a clean bill of health.