How is my sensitive information stored?
We understand that you're placing a lot of trust in us by providing login information to your source control, and deployment environment.
It is because of this that we utilise industry best practice when it comes to the storage of this information. Your information is kept safe using 4096 bit encryption making it extremely hard for an attacker to gain access to your information. Adding to this the encryption keys are stored in a way that makes them extraordinarily hard for anyone to access – even OnCheckin staff.
We also make the following recommendations to help secure both your source control and web servers:
- If you are able to, make a separate account in your source control for OnCheckin to use; do the same for your deployment by creating a separate FTP, Web Deploy or SFTP account for us . This way you can control access to your servers by us separately, and can audit and deny access more easily.
- Where possible use long, hard to guess passwords for access to your source control and deployment environments. A password from a tool such as the one on this site, with 15-30 characters in length will assist with this.
- Limit access to your source control and deployment environments to only IP addresses owned by OnCheckin.
Currently OnCheckin is hosted on cloud infrastructure in the US and Europe. If you would like to whitelist access to your environment you can view our IP address ranges here.