Atlan has adopted global industry standards in security practices and solutions. Amazon S3 server-side encryption secures the S3 bucket launched by Atlan.
Atlan uses AES-256 as the SSE algorithm in the S3 bucket. All the EBS (Elastic Block Storage) launched by Atlan is encrypted. Atlan uses encrypted storage classes to provision persistent volumes to the microservices running inside the Kubernetes cluster.
Key and credential management
Atlan uses HashiCorp Vault to manage the following:
- Keys — Vault manages encryption keys to encrypt sensitive data at rest and in transit.
- Secrets — Vault encrypts and securely stores secrets such as API keys, tokens, and credentials.
- Passwords — passwords are hashed and stored encrypted.
Data in transit
Atlan uses standard encryption to protect data in transit.
Atlan uses hypertext transfer protocol secure (HTTPS) for secure communication when data is in transit. This protocol is encrypted using Transport Layer Security (TLS).
Two-factor authentication (2FA) is also supported for accessing resources.
Data at rest
Atlan uses encrypted S3 buckets to protect the data at rest. These S3 buckets are encrypted using a 256-bit Advanced Encryption Standard (AES-256) algorithm for server-side encryption (SSE).
For the Elastic Block Store (EBS) volumes underpinning Atlan's persistent services, the EBS created by PVCs inside Kubernetes launches encrypted EBS volumes. We use the
encrypted type for provisioning PVCs.