Security Overview

Onvera is built with security and trust as core principles.

Security Features

Data Isolation

• Flexible isolation model - Start with shared resources, evolve to dedicated infrastructure or BYOC
• Database isolation - Each organization has separate databases
• Infrastructure isolation - Choose isolation level per deployment (shared, dedicated, or BYOC)
• Network isolation - Network-level isolation that scales with your needs
• Secret isolation - Secrets stored securely per deployment

Learn more: Data Isolation

API Key Security

• Secure storage - API keys are stored securely
• Scope-based access - Limit permissions with scopes
• Expiration support - Set expiration dates for keys
• Revocation - Revoke keys immediately when needed

Learn more: API Keys

Audit Logging

• Complete audit trail - All actions are logged
• API key usage tracking - Monitor key usage
• Operation history - Track all operations

Learn more: Audit Logs

Best Practices

1. Rotate keys regularly - Every 90 days recommended
2. Use scoped keys - Limit permissions when possible
3. Monitor usage - Review audit logs regularly
4. Revoke unused keys - Remove keys that are no longer needed

Compliance

Onvera provides:

• Audit logs - Complete activity tracking
• Data isolation - Tenant separation
• Access controls - Role-based access
• Encryption - Data encryption at rest and in transit

Reporting Security Issues

Report security vulnerabilities to: security@onvera.io

Related Topics

• API Keys - API key security
• Audit Logs - Audit logging
• Data Isolation - Multi-tenant isolation