Security

IsoVault keeps backups private-by-design: Zero Trust connectivity, scoped credentials, and encryption you control.

Encryption

  • Client-side: Proxmox Backup Client encrypts data before it leaves your host; keys stay with you.
  • Server-side: optional management of repository keys with rotation guidance; no key escrow.
  • In transit: TLS 1.2+ for tunnel and PBS endpoints; pin the PBS server certificate with PBS_FINGERPRINT.
  • Integrity: chunk-level checksums and periodic verification jobs to catch silent corruption.

Identity & access

  • Cloudflare Zero Trust policies (SSO, device posture, service tokens) on every tunnel endpoint.
  • Role-based PBS tokens (DatastoreBackup, DatastoreReader) per repo/namespace.
  • Audit-friendly logs for token use, backup/restore requests, and access changes.
  • Rotate tokens regularly; disable unused tokens and prefer dedicated writer/reader pairs.

Network posture

  • Egress-only from PBS to Cloudflare Tunnel; no public inbound ports required.
  • Optional IP allowlists and mTLS for service accounts.
  • Firewall defaults: deny inbound, allow outbound 443 to Cloudflare, restrict DNS to trusted resolvers.

Data isolation & tenancy

  • Datastores and namespaces isolate customers/teams; tokens scoped to the minimal namespace.
  • Optional immutability windows to guard against accidental or malicious deletion.
  • Region selection on managed storage for residency needs.
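
The token guidance under "Identity & access" and the namespace scoping above can be checked mechanically. The following is an added example, not IsoVault or Proxmox code: it audits a constructed list of ACL entries and flags tokens whose role is broader than DatastoreBackup/DatastoreReader, whose path stops at the datastore instead of a namespace, or that combine writer and reader roles. The entry field names, token IDs and datastore/namespace names are assumptions made for the example, and it assumes every tenant has its own namespace.

```python
# Added example: audit constructed ACL entries against the page's token guidance.
from collections import defaultdict

ALLOWED_ROLES = {"DatastoreBackup", "DatastoreReader"}  # roles named on the page

# Constructed sample entries; field names are this example's own, not PBS output.
SAMPLE_ACL = [
    {"token": "backup@pbs!pve1-writer", "path": "/datastore/vault/team-a", "role": "DatastoreBackup"},
    {"token": "backup@pbs!pve1-reader", "path": "/datastore/vault/team-a", "role": "DatastoreReader"},
    {"token": "backup@pbs!legacy", "path": "/datastore/vault", "role": "DatastoreBackup"},
    {"token": "ops@pbs!restore", "path": "/datastore/vault/team-b", "role": "DatastoreAdmin"},
    {"token": "ops@pbs!combo", "path": "/datastore/vault/team-b", "role": "DatastoreBackup"},
    {"token": "ops@pbs!combo", "path": "/datastore/vault/team-b", "role": "DatastoreReader"},
]


def namespace_depth(path):
    """Count namespace levels below /datastore/<store>; -1 if not a datastore path."""
    parts = [p for p in path.split("/") if p]
    if len(parts) < 2 or parts[0] != "datastore":
        return -1
    return len(parts) - 2


def audit(entries):
    """Return {token: sorted list of findings} for entries that break the guidance."""
    findings = defaultdict(set)
    roles_by_token = defaultdict(set)
    for e in entries:
        roles_by_token[e["token"]].add(e["role"])
        if e["role"] not in ALLOWED_ROLES:
            findings[e["token"]].add("role-too-broad:" + e["role"])
        depth = namespace_depth(e["path"])
        if depth < 0:
            findings[e["token"]].add("not-datastore-scoped:" + e["path"])
        elif depth == 0:
            findings[e["token"]].add("not-namespace-scoped:" + e["path"])
    # A token holding both allowed roles is not a dedicated writer or reader.
    for token, roles in roles_by_token.items():
        if ALLOWED_ROLES <= roles:
            findings[token].add("writer-and-reader-combined")
    return {t: sorted(f) for t, f in findings.items()}


if __name__ == "__main__":
    for token, problems in sorted(audit(SAMPLE_ACL).items()):
        print(token, "->", ", ".join(problems))
```
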

Threat model & shared responsibility

  • IsoVault: secures managed PBS instances, tunnels, and monitoring for freshness/integrity.
  • You: manage token hygiene, endpoint health, and application-level encryption if required.
  • Regular restore drills are encouraged; we can schedule guided exercises on request.

Security contact

  • Email help@isovault.tech for disclosures; include steps to reproduce and impact.
  • We aim for initial acknowledgment within 1 business day.