{"_id":"5a8fae0468264c001f20cc38","category":{"_id":"5a8fae0368264c001f20cc04","version":"5a8fae0268264c001f20cc00","project":"5633ebff7e9e880d00af1a53","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-05-31T04:26:39.925Z","from_sync":false,"order":5,"slug":"versions","title":"Bonsai.io Platform"},"parentDoc":null,"project":"5633ebff7e9e880d00af1a53","user":"5633ec9b35355017003ca3f2","version":{"_id":"5a8fae0268264c001f20cc00","project":"5633ebff7e9e880d00af1a53","__v":4,"createdAt":"2018-02-23T06:00:34.961Z","releaseDate":"2018-02-23T06:00:34.961Z","categories":["5a8fae0268264c001f20cc01","5a8fae0268264c001f20cc02","5a8fae0368264c001f20cc03","5a8fae0368264c001f20cc04","5a8fae0368264c001f20cc05","5a8fae0368264c001f20cc06","5a8fae0368264c001f20cc07","5a8fae0368264c001f20cc08","5a8fae0368264c001f20cc09","5abaa7eb72d6dc0028a07bf3","5b8ee7842790f8000333f9ba","5b8ee8f244a21a00034b5cd9"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"2.0.0","version":"2.0"},"githubsync":"","__v":0,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2015-12-23T20:09:31.299Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":6,"body":"At Bonsai, security and privacy are always a top concern. We are constantly evaluating the service and our vendors for vulnerabilities and flaws, and we will immediately address anything that could put our customers at risk.\n\nTo answer a number of frequently asked questions about how we keep your data secure, we published a blog entry, [Six Important Facts about Bonsai Security](https://bonsai.io/blog/bonsai-security), which remains up to date. The highlights are:\n\n* **Access Controls** All Bonsai clusters are provisioned with a unique, randomized URL and have HTTP Basic Authentication enabled by default, using a randomly generated set of credentials. Under this scheme, it would take the world's fastest super computer around 23.5 quadrillion years to guess.\n\n* **Encrypted communications.** All Bonsai clusters support SSL/TLS for encryption in transit. We use industry standard strength encryption to ensure your data is safe over the wire.\n\n* **Encrypted at rest.** Bonsai clusters are provisioned on hardware that is encrypted at rest by default. In addition to Amazon's [physical security controls](https://aws.amazon.com/compliance/data-center/controls/), this means your data is safe from physical theft.\n\n* **Regular Snapshots.** All paid Bonsai clusters receive regular [snapshots](doc:how-bonsai-manages-snapshots), which are stored in an offsite, encrypted S3 bucket in the same region as the cluster.\n\n* **Firewalled.** All Bonsai clusters are accessed via a custom-built, high-performance layer 7 routing proxy, and sit behind a tightly controlled firewall. This helps to ensure that the cluster and data are protected from port scans and unauthorized persons.\n\n* **Advanced Networking.** Bonsai can support IP whitelisting, and [VPC Peering](doc:heroku-private-spaces-vpc-peering) to users on [single tenant](doc:architecture-classes) clusters.","excerpt":"","slug":"security","type":"basic","title":"Security"}
At Bonsai, security and privacy are always a top concern. We are constantly evaluating the service and our vendors for vulnerabilities and flaws, and we will immediately address anything that could put our customers at risk. To answer a number of frequently asked questions about how we keep your data secure, we published a blog entry, [Six Important Facts about Bonsai Security](https://bonsai.io/blog/bonsai-security), which remains up to date. The highlights are: * **Access Controls** All Bonsai clusters are provisioned with a unique, randomized URL and have HTTP Basic Authentication enabled by default, using a randomly generated set of credentials. Under this scheme, it would take the world's fastest super computer around 23.5 quadrillion years to guess. * **Encrypted communications.** All Bonsai clusters support SSL/TLS for encryption in transit. We use industry standard strength encryption to ensure your data is safe over the wire. * **Encrypted at rest.** Bonsai clusters are provisioned on hardware that is encrypted at rest by default. In addition to Amazon's [physical security controls](https://aws.amazon.com/compliance/data-center/controls/), this means your data is safe from physical theft. * **Regular Snapshots.** All paid Bonsai clusters receive regular [snapshots](doc:how-bonsai-manages-snapshots), which are stored in an offsite, encrypted S3 bucket in the same region as the cluster. * **Firewalled.** All Bonsai clusters are accessed via a custom-built, high-performance layer 7 routing proxy, and sit behind a tightly controlled firewall. This helps to ensure that the cluster and data are protected from port scans and unauthorized persons. * **Advanced Networking.** Bonsai can support IP whitelisting, and [VPC Peering](doc:heroku-private-spaces-vpc-peering) to users on [single tenant](doc:architecture-classes) clusters.