Security First
Your backup data and secrets never leave your infrastructure. Period.
TLS Everywhere
All communications between the Runner and the Control Plane use TLS 1.3 encryption. Certificate pinning is available for enterprise deployments.
No Backup Data Transmitted
Your backup data stays on your infrastructure. The Runner fetches, restores, and verifies locally. Only metadata (status, metrics) reaches the Control Plane.
No Secrets Transmitted
Database credentials, API keys, and other secrets are resolved locally by the Runner using your existing secret management infrastructure.
Multi-tenant Isolation
Strict organization-level isolation. API keys are scoped to your organization. No cross-tenant data access is possible.
Ephemeral Probe Containers
Each probe runs in an isolated, stateless OCI container that is destroyed immediately after execution. No data persists between runs.
Cryptographic Signatures
Reports are signed with Ed25519 keys. Signatures are verified by the Control Plane, providing tamper-proof audit trails.
Local Secret Resolution
The Runner resolves secrets locally using your existing secret management infrastructure. Credentials never travel to the Control Plane.
env:// file:// vault:// sops://

secrets:
  postgres_password:
    # Resolved from environment
    source: "env://PGPASSWORD"
  mysql_password:
    # Resolved from Vault
    source: "vault://secret/data/mysql#password"
  api_key:
    # Resolved from SOPS-encrypted file
    source: "sops://secrets.enc.yaml#api_key"

Data Flow
Control Plane vs Data Plane
RestoreProof maintains strict separation between the Control Plane (our SaaS) and the Data Plane (your Runner). This architecture ensures your sensitive data never crosses the boundary.
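The local secret resolution and the Control Plane / Data Plane split described above, sketched as an added example (not RestoreProof's own code): secrets are resolved on the Runner side and only names, schemes and status go into the metadata. The `scheme://location#field` reading of the source strings, the in-memory Vault and SOPS stand-ins, the metadata shape and the names `parse_source` and `resolve_all` are assumptions made for illustration.

```python
import os
from pathlib import Path

# Constructed in-memory stand-ins for Vault and a decrypted SOPS file (offline demo).
FAKE_VAULT = {"secret/data/mysql": {"password": "constructed-mysql-pw"}}
FAKE_SOPS = {"secrets.enc.yaml": {"api_key": "constructed-api-key"}}

# One resolver per scheme from the config; each takes (location, field).
BACKENDS = {
    "env": lambda location, field: os.environ[location],
    "file": lambda location, field: Path(location).read_text(encoding="utf-8").strip(),
    "vault": lambda location, field: FAKE_VAULT[location][field],
    "sops": lambda location, field: FAKE_SOPS[location][field],
}

def parse_source(source):
    """Split 'scheme://location#field' without ever echoing the input in errors."""
    scheme, sep, rest = source.partition("://")
    if not sep or scheme not in BACKENDS:
        raise ValueError("missing or unsupported scheme")
    location, _, field = rest.partition("#")
    if not location:
        raise ValueError("empty location")
    return scheme, location, field

def resolve_all(secrets_cfg):
    """Return (values that stay on the Runner, metadata safe to report)."""
    values, metadata = {}, []
    for name, entry in secrets_cfg.items():
        scheme, status = None, "resolved"
        try:
            scheme, location, field = parse_source(entry["source"])
            values[name] = BACKENDS[scheme](location, field)
        except (ValueError, KeyError, OSError):
            status = "failed"  # exception text is dropped, not reported
        metadata.append({"secret": name, "scheme": scheme, "status": status})
    return values, metadata

# Constructed config mirroring the secrets: block above, plus one mistake.
SAMPLE_CONFIG = {
    "postgres_password": {"source": "env://PGPASSWORD"},
    "mysql_password": {"source": "vault://secret/data/mysql#password"},
    "api_key": {"source": "sops://secrets.enc.yaml#api_key"},
    "pasted_literal": {"source": "hunter2"},  # literal instead of a reference
}

if __name__ == "__main__":
    os.environ.setdefault("PGPASSWORD", "constructed-pg-pw")
    print(resolve_all(SAMPLE_CONFIG)[1])
```

The `pasted_literal` entry shows why the error path discards exception text: a value typed into `source` by mistake is reported only as a failed entry and never copied into the metadata.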
Questions About Security?
We take security seriously. If you have specific requirements or questions about our security practices, let's talk.