Need to Report a Security Vulnerability?
Please email us directly at: firstname.lastname@example.org.
Responsible Disclosure: We would like to keep DigitalOcean safe and secure for everyone. If you have discovered a security vulnerability, we would greatly appreciate your help in disclosing it to us in a responsible manner.
Publicly disclosing a vulnerability can put the entire DigitalOcean community at risk. If you have discovered a possible vulnerability, we would greatly appreciate you emailing us at email@example.com. We will work with you to assess and understand the scope of the issue and fully address any concerns. All emails are immediately sent to our engineering staff to ensure that issues are addressed rapidly. Security emails are treated with the highest priority, as the safety and security of our service is our primary concern.
Securing your message
To encrypt your communications with DigitalOcean, or to verify signed messages you receive from DigitalOcean, you can use the PGP key below.
- Key ID: A221304D
- Key type: RSA
- Key size: 4096
- User ID: firstname.lastname@example.org
- Fingerprint: 3770 0FE5 D2DC CB4E 24FD 8FBD F96D BC47 A221 304D
We thank you in advance for any disclosures that you send our way, and would like to thank the following individuals for their contribution and help in keeping DigitalOcean secure!
Randy Morse, Kamal Nasser, Jesper Wallin, Luke Strickland, Kenneth White, Joshua Lund, Mike Cardwell, Neal Poole, Nicholas Zaillian, Rafael Pablos, Jigar Thakkar, Nitesh Shilpkar, J Muhammed Gazzaly, Alejandro Lazaro, Ehraz Ahmed, Umraz Ahmed, Sebastian Neef, Anand Prakash, Bitquark Security Research, Tejash Patel, Simon Brown, Bernardo Rodrigues, Harshit Shukla, Rupesh Reddy, Kamil Sevi, Osman Doğan, Lin Song, Guillaume Parent, Agastya Rz, Morgan Smith, Prakhar Prasad, Ali Hassan Ghori, Sergey Belov, Prakhar Prasad, Mohit Gupta, Frans Rosén, Yasir Taşdemir, Mohd Haji, Mayank Bhatodra, Max Moroz, Nikhil Mittal
Virtual Server Security & Employee Access
Virtual server security and data integrity are of the utmost concern at DigitalOcean. As a result, none of our technical support staff have any access to the backend hypervisors where virtual servers reside, nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only our engineering team has direct access to the backend servers.
We use only premier datacenter facilities for colocating our equipment, including Equinix, Telx, and Telecity. Each site is staffed 24/7/365 with onsite security to protect against unauthorized entry. Each site has security cameras that monitor both the facility premises and each area of the datacenter internally. There are biometric readers for access, as well as at least two-factor authentication to gain access to the building. Each facility is unmarked so as not to draw any additional attention from the outside and adheres to strict local and federal government standards.
Credit Card Security
We hand off credit card processing to Stripe. They power online transactions for thousands of businesses and SaaS platforms and comply with PCI standards in the storage and handling of credit card information. For PayPal transactions, we pass customers directly to PayPal, which is also PCI compliant.
All communications with DigitalOcean are transmitted over SSL (HTTPS), both for access to the public website and for the API. We provide connectivity to the virtual servers via SSH and recommend that customers use SSH keys to set up their access.
Snapshot and Backup Security
Snapshots and Backups (images) are stored on NAS/SAN servers on an internal network that is not publicly visible. Customers directly manage how many regions their snapshots exist in, which allows them to increase the redundancy of the files stored in the backend.
We would love to hear from you if you have any questions regarding any specific policy that could be made clearer or any general inquiries regarding security. If you're already a customer, please open a support ticket through our control panel so that our support team can help you. Alternatively, please use the form on our contact page.