Security

Your connection string goes in. It does not come back out.

Credentials are encrypted before they are stored and only decrypted inside the backup job that needs them.

connection string

postgresql://backup:@db.example.com/app

stored as
encrypted
decrypted for
backup job only
returned by API
never

A backup is only complete after it restores.

The stored dump is downloaded into an isolated Postgres instance. The restore and source inventory must match before the run is marked verified.

dump

store

restore

compare

What we protect

The practical controls behind each backup.

Encrypted credentials
Connection strings are encrypted with libsodium secretbox before they are stored. They are only decrypted inside the backup process when a job needs to connect.
Private backup storage
Managed backups live in non-public object storage. Storage-provider encryption protects objects at rest, and temporary signed download links expire after five minutes.
Storage region control
Each project uses a storage location you select. New backups stay in that location unless you explicitly change it; existing backups stay where they were created.
Account access
Signed-in sessions use secure, HTTP-only cookies in production. Credentials are never returned through the API, and account security events are recorded for review. Disconnecting removes saved source credentials. Deleting a project removes its credentials, backup history and managed backup objects. Retention rules remove expired backups automatically.

Your part

A secure backup setup also depends on the access you provide and how you respond to failures.

  • Use a dedicated database user with only the permissions required for backup and rotate it if you suspect exposure.
  • Use a connection string with sslmode=require or sslmode=verify-full. ReviveDB preserves the SSL mode in the connection string you provide.
  • Keep failure notifications enabled and investigate a failed or overdue backup.

Report a security issue

Please send suspected vulnerabilities privately. Include enough detail for us to reproduce the issue, but do not include production credentials or customer data.

security@revivedb.dev