DigitalOcean Security

We know how critical your data is to you and that you rely on DigitalOcean for your infrastructure. We run our production servers from DigitalOcean's cloud as well and so security is at the forefront of our thoughts as it is yours.

Need to Report a Security Vulnerability?

Responsible DisclosureWe would like to keep DigitalOcean safe and secure for everyone. If you have discovered a security vulnerability we would greatly appreciate your help in disclosing it to us in a responsible manner.

Publicly disclosing a vulnerability can put the entire DigitalOcean community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at security@digitalocean.com. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails to security@digitalocean.com immediately are sent to our entire engineering staff to ensure that issues are addressed immediately. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.

Securing your message

To encrypt your communications with DigitalOcean, or to verify signed messages you receive from DigitalOcean you can use the PGP key below.

  • Key ID: A221304D
  • Key type: RSA
  • Key size: 4096
  • User ID: security@digitalocean.com
  • Fingerprint: 3770 0FE5 D2DC CB4E 24FD 8FBD F96D BC47 A221 304D

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFQjLKMBEAConpZArCoqYQF9ClQcm168QPN4m2tmXGEiknDeNYlmGYvKP3WJ
/omPy6fqmc1Ppwq6OUBzwQFTIjrMfnpTqsFXAJKC3aBBKccCyKC4zW1dRou74Cmr
FbCljz2lFECGYezG7QdYA3ivx61aPfUmH/KM4nk44VDtkudRRPP6IdqMCeiMKKJ+
bcVZJxT9NfnksoD0m76J8FjHzV2Tf0BNLuM7W7Kf+ucP9yUwjHlFmdJf6JcNOm0v
rR/NzHwq8SN1m5tXblKILufogW8N/PQA/8DaO/FlNG9AgmW5yOIujndQeV9+q0Ve
27TKI23jelekta8gxJH1gdw8+A54D9tbVTlwsX4QexAbAP6ruBZVvlT/3dW0IwrH
ECZ/r3fmbtqKCxjToAN/0VnhTZUxyScrRhXl5/lpez4jadn7ShJv2Xsr5fuU9SCz
NMOFhSFcibLdhg2h2cqGK6CD27KSV4gGTABWQX3EfHPj4S0mIdRAnxI+OMHvXUQF
2ifyHs7pvU47wzIYuTB6dQBkI68qRseaew+hX6/OXfbhTBj3SHFD3kR253bz/Git
IsD6r3ywEn0uNfNK0a3oKDA31/id+c0vk9uRESnbkC2P9MWGNXLXEVlR3l47Tc8F
Xg73qtfWWsjuh+USmukbmC6woyF18ecW+0zUZchJs/0izD5I/vwIbcZ4jwARAQAB
tEVEaWdpdGFsT2NlYW4gU2VjdXJpdHkgKElzc3VlZCAyMDE0LTA5LTI0KSA8c2Vj
dXJpdHlAZGlnaXRhbG9jZWFuLmNvbT6JAjcEEwEKACEFAlQjLKMCGwMFCwkIBwMF
FQoJCAsFFgIDAQACHgECF4AACgkQ+W28R6IhME1q0A/+OlCeZ8HnfVuMgpweAYyu
GcA53zPBJTP1OPhjrm4viuq9jy41XfFKbroUvZCeEkIN/gYJHcE1b5xnf4VF8h5N
Y5V9iYja+XmRMovGB4hmd+FL2XgxyL1uCLAFMD/FugyETkg10BRe8wMkXooljdHS
eatxQIxgSfradm7n3KV4BzzpDLegWHTWFYeuH6YZHXOMDF2F56FY5KvPPGh0A9yV
SS4OvV/lbnbWJE5Uvbuj58e6E/+KKHJSYZpBe2BzS94TD8jzqiThq8RaRn2UFmm0
A6lAhqmKa2NOQ2p6Q02zzWWXHV9cbanYV9tO0VZWVCNF+3K3Ms8HtFSJM2V15vvW
08uH0YTtibQzznK5TmC+hduyNejEw/eW/2FuDeYnp7GnhUhuf8TleMyEkFIMDxjB
drHbNTYgoMgJwm55bnoe496phE79wOZ091XuudOoUzOlXXzNUCQkHCRuDsWq1IiR
fHiUcmF8uNchEo4w97hKuv0ibZM9CBevpBfW7Fg3A58ilRhwkXQCVZmrREh3zqkl
VJacSXbIePhYf4kXHe3iOe/XkKrErPmcL0wC27zBM4TfHIpQcdCS0XiXAUEz6+Ar
oE7+I7ZZredzNeGbmBUWanaoeJzYFxHM/an8rrxpgBIItWwUT8bxmCkFyxn0GfGN
DrfA1ZEZAu5QkYer647pZni5Ag0EVCMsowEQAMB2PEEPcsR44HtqT0/5cd3v4H4H
JCT5So4/kYcx7rntZWCnUnU3/DHhJRuvyZ3IZZfDrdENE6bHrkD4Awua3wboxlRb
Tgxf28qPrw2GaOO2adJbf5iB3LOqyxTXKYkt4N1Zjc0+7ZDOahlkszFwQAJftp8A
/MK/SEW79ePshGjRbLpGNuIW02ZMh7sjzrRnyvr7ouZJb3WmnYJ9pQa4/3sG/Oy9
+26SyAF508vNdZBeCr4IEC/Oz0bK68lkJZM0ywpHTmvU/4OczggQNtIdnUJja9hM
g88HtvdkjzBHGo9cvnS7Vpsnj8bQ3y7/onT/LbHl5KgB/IxuLaCFJEGdfsJl3u+T
JUbAyWl+FlUHB7BGcEl6cXWw7VD7wlCry2MSB3r2kwNKMg3HghsTlgOWd+oWAHS7
vFdG3wEil22GKZ7cz4WAnysYMMM0toTqayDyHZLxstwtOP0wbka2t7Nh3DbEEVTe
qq9Onfj1KPzqni7gLMLHRKX3JRSTigVA9Tu5cQsi/vUPU08a7knL3i9b2z4tcKlO
8c8aq0Jj8EG3Z1OKBvzHjcHG0qDna5uL5js3R7Oax8Cz1JVBTapKoy9r4eYt15/p
TjpK0m9Mr5xfUGMerMmDauhefizGcGyaBvzfaJcorQ82mOICyrOXb/IZ+2izw7YT
OJfwZyalv0GdnUqvABEBAAGJAh8EGAEKAAkFAlQjLKMCGwwACgkQ+W28R6IhME2H
aA//XTbBIED42GNzBGbhafNGNDXZJqeR5IoYI3sy2O3Ujj4cDMC4Y2GgV7JctImq
jpR2brTqb2nSkPnjlbjRCu1SHUGbKZPrR5b623affPZXooKuANSs1HS2ruU5jCz2
WtIotAHbxue/65QeIdiVHqRUHr1rRyo+BCVIE6maEWADDoaq//r2yT6Ne/c5ezmO
tYrAFiRcJcRWThvGsiKjRoYme5kMd/BhokoyqZm225GWGK42W2M65704K5blhGOO
BkUCZIjR86frypXulQHZmiZrDzJBScoHRvA8bzihjKGByAYSpxirragtXje84t/X
bMBQdleR0z+kn4QJ0je+yy+PzXS8ClboP8Pf1MqLXLYpuLes2XOnuGwNbMT+h421
Dmkj184gWTil+U4REeCcTSL8v21j3UVBBrS1VjiJrdXBbuH0WFAgTSvNhdUvl0GA
F5JmJ25MZI4YMLrCLGS0v5em933hIaak+77TzrYiqZynYrs5Ixn6wbzbuvLkHeqW
NDBznhaRR4xmvlxC5YKEluO+mOt6/Vez+L6Hn5LRcqqcinRViBrJaqIXPBU/eBu8
cnMKViHExPZa11uJAseoiIRKCDuqwlik9j55+VhXnU9G3pIvYAMP0tZxGW33Fs2M
/6HJboUxz8wZBOiYZ0zRZjGOFfshhb9Ur+0JF2oh0ZRkatE=
=9DQt
-----END PGP PUBLIC KEY BLOCK-----
    

We thank you in advance for any disclosures that you will send our way and would like to thank the following individuals for their contribution and help in keeping DigitalOcean secure!

  • Randy Morse
  • Kamal Nasser
  • Jesper Wallin
  • Luke Strickland
  • Kenneth White
  • Joshua Lund
  • Mike Cardwell
  • Neal Poole
  • Nicholas Zaillian
  • Rafael Pablos
  • Jigar Thakkar
  • Nitesh Shilpkar
  • J Muhammed Gazzaly
  • Alejandro Lazaro
  • Ehraz Ahmed
  • Umraz Ahmed
  • Sebastian Neef
  • Anand Prakash
  • Bitquark Security Research
  • Tejash Patel
  • Simon Brown
  • Bernardo Rodrigues
  • Harshit Shukla
  • Rupesh Reddy
  • Kamil Sevi
  • Osman Do─čan
  • Lin Song
  • Guillaume Parent
  • Agastya Rz
  • Morgan Smith
  • Prakhar Prasad
  • Ali Hassan Ghori
  • Sergey Belov
  • Prakhar Prasad
  • Mohit Gupta
  • Frans Rosén
  • Yasir Taşdemir
  • Mohd Haji
  • Mayank Bhatodra

Virtual Server Security & Employee Access

Virtual server security and data integrity is of the utmost concern at DigitalOcean. As a result none of our technical support staff have any access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only our engineering team has direct access to the backend servers.

Physical Security

We use only premier datacenter facilities for colocating our equipment including: Equinix, Telx, and Telecity. Each site is staffed 24/7/365 with onsite security and to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises as well as each area of the datacenter internally. There are biometric readers for access as well as at least two factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards.

Credit Card Security

We hand off credit card processing to Stripe. They power online transactions for thousands of business and SaaS platforms and comply with PCI standards in the storage and handling of credit card information. For PayPal transactions we pass off customers directly to PayPal who is also PCI compliant.

Communications

All communications with DigitalOcean are transmitted over SSL (HTTPS) for both access to the public website as well as the API. We provide connectivity to the virtual servers via SSH and recommend that customers use SSH keys to setup their access.

Snapshot and Backup Security

Snapshots and Backups (images) are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can manage directly in how many regions their snapshots exist which allows customers to increase the redundancy of the files that are stored in the backend.

Questions

We would love to hear from you if you have any questions regarding any specific policy that could be made clearer or any general inquiries regarding security.

Please email us directly at: security@digitalocean.com.