Security
Your connection string goes in. It does not come back out.
Credentials are encrypted before they are stored and only decrypted inside the backup job that needs them.
connection string
postgresql://backup:@db.example.com/app
- stored as
- encrypted
- decrypted for
- backup job only
- returned by API
- never
A backup is only complete after it restores.
The stored dump is downloaded into an isolated Postgres instance. The restore and source inventory must match before the run is marked verified.
dump
store
restore
compare
What we protect
The practical controls behind each backup.
- Encrypted credentials
- Connection strings are encrypted with libsodium secretbox before they are stored. They are only decrypted inside the backup process when a job needs to connect.
- Private backup storage
- Managed backups live in non-public object storage. Storage-provider encryption protects objects at rest, and temporary signed download links expire after five minutes.
- Storage region control
- Each project uses a storage location you select. New backups stay in that location unless you explicitly change it; existing backups stay where they were created.
- Account access
- Signed-in sessions use secure, HTTP-only cookies in production. Credentials are never returned through the API, and account security events are recorded for review. Disconnecting removes saved source credentials. Deleting a project removes its credentials, backup history and managed backup objects. Retention rules remove expired backups automatically.
Your part
A secure backup setup also depends on the access you provide and how you respond to failures.
- Use a dedicated database user with only the permissions required for backup and rotate it if you suspect exposure.
- Use a connection string with sslmode=require or sslmode=verify-full. ReviveDB preserves the SSL mode in the connection string you provide.
- Keep failure notifications enabled and investigate a failed or overdue backup.
Report a security issue
Please send suspected vulnerabilities privately. Include enough detail for us to reproduce the issue, but do not include production credentials or customer data.
security@revivedb.dev