Documentation Index
Fetch the complete documentation index at: https://docs.rivestack.io/llms.txt
Use this file to discover all available pages before exploring further.
Encryption
In transit
All connections to Rivestack databases require SSL/TLS. Unencrypted connections are rejected at the protocol level.
| Setting | Value |
|---|
| SSL mode | require (enforced) |
| TLS version | TLS 1.2+ |
| Certificate | Signed by trusted public CA |
postgresql://user:pass@host:5432/mydb?sslmode=require
At rest
- Database storage: Encrypted at the volume level on all nodes
- Backups: Encrypted in S3-compatible object storage
- WAL archives: Encrypted alongside backups
Network security
Private networking
Database nodes communicate over private networks. Only the load balancer endpoint is exposed to the public internet.
Port access
| Port | Service | Access |
|---|
| 5432 | PostgreSQL | Via load balancer |
Authentication
- Database users: Username/password authentication over SSL
- Dashboard: Authenticated via Auth0 with email verification
- API: API key authentication (used internally by the Terraform provider)
Infrastructure
| Component | Details |
|---|
| Data centers | EU (Falkenstein, Germany), US (Virginia, USA) |
| Node isolation | Dedicated VMs per HA cluster |
| Internal communication | Private network between cluster nodes |
| Backups | Stored in S3-compatible object storage, separate from database nodes |
Compliance
| Standard | Status |
|---|
| GDPR | EU Central region stores all data within the EU |
| Encryption in transit | Enforced on all connections |
| Encryption at rest | All storage volumes and backups |
Reporting vulnerabilities
If you discover a security vulnerability, please report it to hi@rivestack.io.
