As part of DigitalOcean’s shared responsibility model, you are responsible for securing data stored on our services.
For data security purposes, we recommend that you protect DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you secure your data in the following ways:
Follow our Recommended Steps to Securing a DigitalOcean Kubernetes Cluster tutorial
Use Secrets to store sensitive information
Enable auto-upgrades on your cluster
Use a security scanner from a public repository
On Kubernetes 1.19 and later versions, we now provision two fully managed firewalls for each new Kubernetes cluster. One firewall manages connections within the VPC, and the other manages connections between worker nodes and the public internet.
Kubernetes Secrets maintained in etcd are encrypted at rest. This is an additional layer of hardware encryption that provides even stronger security.
All traffic to and from the Kubernetes API is secured by TLS.
For more information on how to set up monitoring for Kubernetes, please refer to the Kubernetes Monitoring Documentation. DigitalOcean does not offer audit logging at this time.
Kubernetes is audited by third parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request the report, please visit our Trust Platform Certifications page.
As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure the Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.
You can enable high availability for your Kubernetes cluster. Please refer to the High Availability Documentation. At least one data center in every region supports Kubernetes.
DigitalOcean manages encryption keys for etcd, TLS keys, and certificates for the Kubernetes API. We hand out credentials to your Kubernetes clusters in the form of configuration files (also known as the kubeconfig). You are responsible for securing those credentials.
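One way to check a downloaded kubeconfig on your side of that responsibility is sketched below. It is an added example, not DigitalOcean's own tooling; the function name audit_kubeconfig, the sample file contents and the three checks chosen are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a kubeconfig for common credential-handling problems.
# Prints one line per finding and returns the number of findings (0 = clean).
audit_kubeconfig() {
    f=$1
    findings=0
    [ -f "$f" ] || { echo "missing: $f"; return 1; }

    # Octal mode: GNU stat first, BSD/macOS stat as a fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    # Non-zero group/other digits mean other local users can read or change it.
    case "$mode" in
        0|*00) ;;
        *) echo "FINDING: mode $mode allows group/other access (want 600)"
           findings=$((findings + 1)) ;;
    esac

    # Static secrets stored inline are usable by anyone who copies the file.
    if grep -Eq '^[[:space:]]*(token|password|client-key-data):[[:space:]]*[^[:space:]]' "$f"; then
        echo "FINDING: static credential embedded in file"
        findings=$((findings + 1))
    fi

    # Skipping certificate verification removes the TLS protection on API traffic.
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$f"; then
        echo "FINDING: insecure-skip-tls-verify is true"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample for demonstration (placeholder values, not a real cluster).
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- name: example
  cluster:
    server: https://cluster.example.invalid
    insecure-skip-tls-verify: true
users:
- name: example-admin
  user:
    token: CONSTRUCTED-PLACEHOLDER-TOKEN
EOF
chmod 644 "$sample"
audit_kubeconfig "$sample" || echo "findings: $?"
rm -f "$sample"
```

A clean result still leaves the file as a bearer credential, so keep it out of source control and shared directories.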