How Vorynza protects your databases, credentials, and data at every layer of the stack.
Database passwords and connection strings are encrypted at rest using AES-256-GCM before storage. Encryption keys are never stored alongside the encrypted data.
All database connections require SSL (sslmode=require). Unencrypted connections are rejected at the transport layer.
Each Vorynza service gets a dedicated database name and dedicated database role. Customers cannot access each other's databases. No shared roles.
The Vorynza API and worker process run with the minimum AWS IAM permissions required for their function. Admin credentials for the RDS cluster are never exposed to application code.
Sensitive actions — password rotation, service deletion, credential reveal — are recorded in an append-only audit log with user ID, timestamp, and action type.
Database passwords are never returned in API responses except during initial provisioning or an explicit authenticated reveal request. The requester's identity is logged.
If you discover a security vulnerability in Vorynza, please report it responsibly. We investigate all reports and respond within 2 business days.
security@vorynza.cloudPlease do not file public issues for security vulnerabilities. Use the email above.