Security Checklist

  • All .env secrets are randomly generated
  • DB_PASSWORD is strong and unique
  • REQUIRE_SERVER_AUTH=true
  • GIN_MODE=release and ENVIRONMENT=production
  • CORS_ALLOW_ORIGIN matches your exact domain
  • TLS certificates are installed and auto-renewing
  • Firewall allows only required ports (22/80/443)
  • Postgres, Redis, and Hydra admin (4445) are not publicly exposed
  • SSH uses key-based authentication only
  • Database backups are scheduled and tested
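An added example, not part of the project's own tooling: a small Python audit that checks a `.env` file against the first five items above. The key names are the ones on the checklist; the 32-character, mixed-class heuristic for "randomly generated", and both sample `.env` contents, are assumptions constructed here.

```python
import re

# Exact values the checklist requires (key names from the checklist above).
REQUIRED_VALUES = {
    "REQUIRE_SERVER_AUTH": "true",
    "GIN_MODE": "release",
    "ENVIRONMENT": "production",
}

# Constructed sample files for the two cases: a weak dev-style config and a hardened one.
WEAK_ENV = """# constructed sample
DB_PASSWORD=password123
REQUIRE_SERVER_AUTH=false
GIN_MODE=debug
ENVIRONMENT=development
CORS_ALLOW_ORIGIN=*
"""
GOOD_ENV = """# constructed sample
DB_PASSWORD=Kx9!vQ2#mZ7pL4rT8wN1bC5yH3jF6gD0
REQUIRE_SERVER_AUTH=true
GIN_MODE=release
ENVIRONMENT=production
CORS_ALLOW_ORIGIN=https://example.com
"""

def parse_env(text):
    """Parse KEY=value lines of a .env file, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env

def looks_random(value, min_len=32):
    """Assumed heuristic: at least min_len chars drawn from 3+ character classes."""
    classes = sum(bool(re.search(p, value))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    return len(value) >= min_len and classes >= 3

def audit_env(text, expected_origin):
    """Return a list of findings; an empty list means the checked items pass."""
    env = parse_env(text)
    findings = []
    for key, want in REQUIRED_VALUES.items():
        if env.get(key) != want:
            findings.append(f"{key} should be {want}, got {env.get(key)!r}")
    for key, value in env.items():
        # DB_PASSWORD plus any *_SECRET / *_KEY entry counts as a secret here.
        if key == "DB_PASSWORD" or key.endswith(("_SECRET", "_KEY")):
            if not looks_random(value):
                findings.append(f"{key} is short or low-entropy")
    origin = env.get("CORS_ALLOW_ORIGIN")
    if origin != expected_origin:  # a wildcard or mismatch fails the exact-domain rule
        findings.append(f"CORS_ALLOW_ORIGIN must be exactly {expected_origin}, got {origin!r}")
    return findings
```

Run it against the real file with `audit_env(open(".env").read(), "https://your.domain")` and treat any non-empty result as a blocker before going live.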