Security Architecture
ArmorDB is designed with a "Secure by Default" philosophy. We employ multiple layers of defense to protect your data, from hardware-level isolation to application-layer encryption.
Encryption at Rest
All database volumes and backups are encrypted using AES-256-GCM. Encryption keys are managed through a dedicated Hardware Security Module (HSM) and rotated regularly.
Network Isolation
Each database instance runs in a strictly isolated container environment with enforced CPU and memory limits. Network traffic is restricted to authenticated mTLS connections only.
Mutual TLS (mTLS)
Unlike standard PostgreSQL hosting which often relies solely on password authentication, ArmorDB mandates Mutual TLS for all internal and agent-to-backend communication. This ensures that both the client and the server are verified via cryptographic certificates.
- Prevents man-in-the-middle attacks by verifying server identity.
- Hardens the database against brute-force password attempts.
- Ensures data integrity during transmission.
SOC 2 & Compliance
ArmorDB is built on SOC 2 Type II compliant infrastructure. While we are a young company, we adhere to the strictest security standards for data handling and access control. Detailed security reports are available for Enterprise customers upon request.