Security

Your infra data
stays yours.

ServerConfigs is built for teams who can't afford a security incident. We apply the same rigour to protecting your infrastructure data that you apply to your infrastructure itself.

Security controls

01

Read-only access

ServerConfigs never modifies your infrastructure. All integrations operate with the minimum permissions necessary to read live state — no write, no delete, no execute.

02

Encryption at rest and in transit

All data is encrypted with AES-256 at rest. All communication uses TLS 1.3. Encryption keys are rotated automatically and managed by AWS KMS.

03

No data retention by default

Query responses are ephemeral by default. We do not store your infrastructure state beyond the session unless you explicitly enable workspace memory.

04

SSO & SAML 2.0

Authenticate via your existing identity provider. We support Okta, Google Workspace, Microsoft Entra, and any SAML 2.0-compliant provider.

05

Role-based access control

Scope what each team member can query. Engineers can be restricted to their own accounts, regions, or resource types — with full audit logging.

06

SOC 2 Type II

ServerConfigs is SOC 2 Type II certified. Our latest report is available to enterprise customers under NDA.

Security practices

Penetration testingAnnual third-party pentest. Results available under NDA.
Dependency scanningContinuous CVE scanning via Snyk and GitHub Dependabot.
Secrets managementAll secrets are stored in HashiCorp Vault — never in env vars.
Incident response< 1h SLA for critical security incidents. 24/7 on-call rotation.
Bug bountyResponsible disclosure program with defined rewards.
Employee vettingBackground checks and signed security agreements for all staff.

Security contact

To report a vulnerability, request our SOC 2 report, or discuss enterprise security requirements, reach us directly.

[email protected]