Security

Arctickey is built with security-first design. Your data is protected in transit and at rest.

TLS Encryption#

All connections use TLS 1.3 encryption. Unencrypted connections are not supported.

Connection String#

Always use rediss:// (with double 's') for TLS:

TEXT
rediss://:YOUR_PASSWORD@YOUR_INSTANCE.eu.arctickey.com:6379

Certificate Verification#

We use valid certificates from Let's Encrypt. Most clients verify automatically:

TypeScript
// ioredis - works out of the box const redis = new Redis('rediss://:PASSWORD@YOUR_INSTANCE.eu.arctickey.com:6379'); // If you need to customize TLS options const redis = new Redis({ host: 'YOUR_INSTANCE.eu.arctickey.com', port: 6379, password: 'YOUR_PASSWORD', tls: { // Standard verification (recommended) rejectUnauthorized: true, }, });

Password Authentication#

Every instance has a unique, randomly-generated password:

  • 32+ characters
  • Alphanumeric with special characters
  • Automatically generated on creation

Password Location#

Find your password in the dashboard:

  1. Click on your instance
  2. Click Connect
  3. Copy the password

Best Practices#

  • Never commit passwords to git
  • Use environment variables
  • Rotate passwords periodically
Terminal
# .env (never commit this file) REDIS_URL=rediss://:YOUR_PASSWORD@YOUR_INSTANCE.eu.arctickey.com:6379

IP Whitelisting#

Restrict access to specific IP addresses for additional security.

Setting Up IP Whitelist#

  1. Go to your instance dashboard
  2. Click Security tab
  3. Add IP addresses or CIDR ranges

Whitelist Formats#

TEXT
# Single IP 192.168.1.100 # CIDR range 10.0.0.0/8 # IPv6 2001:db8::1

Common Scenarios#

Office Network:

TEXT
203.0.113.50 # Office public IP

Cloud Providers:

TEXT
# Vercel (check their docs for current IPs) # Heroku (use their outbound IPs) # AWS (your NAT gateway or Elastic IP)

Testing Access#

Terminal
# From allowed IP redis-cli --tls -h YOUR_INSTANCE.eu.arctickey.com -p 6379 -a YOUR_PASSWORD PING # PONG # From blocked IP # Connection refused or timeout

Network Security#

Private Networking#

Arctickey instances run in isolated Docker networks:

  • Instances can't communicate with each other
  • Each instance has its own network namespace
  • Traffic is routed through HAProxy

DDoS Protection#

  • Cloudflare protects our infrastructure
  • Rate limiting on connections
  • Automatic blocking of suspicious traffic

Data Privacy#

Data Location#

All data is stored in EU data centers:

  • 🇩🇪 Germany (Falkenstein, Nuremberg)
  • 🇱🇹 Lithuania (Vilnius)

Data never leaves the European Union.

GDPR Compliance#

As a Swedish company storing data in EU:

  • We are a data processor under GDPR
  • DPA agreements available on request
  • Right to deletion supported
  • Data portability supported (export via redis-cli)

Data Retention#

Data TypeRetention
Instance dataUntil you delete it
BackupsPer plan (1-30 days)
Logs30 days
Audit trail90 days

Security Best Practices#

  1. Use IP whitelisting in production
  2. Rotate passwords periodically
  3. Use environment variables for credentials
  4. Monitor for unusual activity (spikes in connections, commands)
  5. Keep client libraries updated
  6. Don't store sensitive data unencrypted in Redis

Reporting Security Issues#

Found a vulnerability? Email us at security@arctickey.com

We take security seriously and will respond within 24 hours.

Compliance#

StandardStatus
GDPR✅ Compliant
NIS2✅ Ready
SOC 2🔄 In progress
ISO 27001📋 Planned