Data Security

As part of DigitalOcean’s shared responsibility model, you are responsible for securing data stored on our services. To ensure data can only be accessed by the proper users and applications, we encourage you to secure and encrypt all data stored on Spaces to the appropriate level of your security requirements.

For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams, secured with two-factor authentication, to help maintain proper access for your services. We also recommend that you secure your Spaces data per the following documents:

Encryption At Rest

Data on Spaces is encrypted at rest, which reduces the risk of a data breach via malicious hardware access. If you are concerned about the privacy of the data stored on Spaces, and would not want this data accessible in the event of a data breach, then you should also encrypt the data using S3 encryption with customer-provided encryption keys

Encryption In Transit

Spaces use HTTPS and TLS by default for data transmitted between Spaces and your application.

Logging and Monitoring

Currently, we do not offer logging and monitoring services for Spaces. If you require additional logging and monitoring, please identify your requirements and consider third-party services like Papertrail, Logtail, or Datadog


Spaces is audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request access to this report, please visit our Trust Platform Certifications page.

Infrastructure Security

As an infrastructure as a service offering, DigitalOcean maintains the security of the infrastructure the Droplets are hosted on. For more details, please review our Infrastructure Security Overview page.

Data Center Location Availability

Spaces regional availability is shown in our Spaces Availability guide. Utilizing multi-regions for redundancy is a best practice for your services.

Key Management

We provide you with one or more Access Keys, which are required to be used to access the data if the data is not marked as Public. You are responsible for safeguarding those keys to ensure that only the appropriate users and applications have the appropriate access. For more information, please refer to How to Manage Administrative Access to Spaces.