Product Security
Every Bamboozle product includes built-in security features to help you protect your infrastructure. This page summarizes the security capabilities available across our product lines.
Cloud and Compute
- SSH key authentication — add SSH keys at VM creation time to replace password-based access
- Cloud Firewalls — stateful firewall rules applied at the network level, before traffic reaches your VM
- Virtual Private Cloud (VPC) — private network isolation between your resources, with no internet exposure by default
- Encrypted volumes — block storage volumes encrypted at rest with AES-256
- Private networking — inter-VM communication over a private network that is not exposed to the internet
- User data and cloud-init — securely inject startup scripts without embedding credentials in images
Networking
- Cloud Firewalls — control inbound and outbound traffic at the network edge with granular rules
- DDoS protection — all Bamboozle resources benefit from network-level DDoS mitigation at no additional cost
- Load Balancers with TLS termination — terminate SSL/TLS at the load balancer with Let's Encrypt integration for free certificates
- SSL passthrough — pass encrypted traffic directly to backend VMs without terminating at the load balancer
- VPN — site-to-site VPN for secure connectivity between your on-premises network and Bamboozle infrastructure
- Floating IPs — reassign public IPs instantly without DNS propagation delays, useful for failover scenarios
Storage
- Encryption at rest — all block and object storage is encrypted at rest with AES-256
- Encryption in transit — all data transferred to and from storage services uses TLS
- Access keys — S3-compatible access key and secret key pairs for programmatic access to Object Storage
- Bucket policies — fine-grained access control policies for Object Storage buckets
- Private buckets — Object Storage buckets are private by default with no public access unless explicitly enabled
Kubernetes
- Network policies — standard Kubernetes and Cilium network policies to restrict traffic between pods and namespaces
- Private worker nodes — all traffic to worker nodes from the internet is blocked by default
- Role-based access control (RBAC) — Kubernetes RBAC enabled by default on all clusters
- Secrets management — Kubernetes secrets for storing sensitive configuration data separate from application code
- Automated upgrades — keep clusters on supported Kubernetes versions to maintain security patch coverage
Account Security
- Two-factor authentication — TOTP-based 2FA available for all accounts, strongly recommended for all users
- API tokens — scoped API tokens with read-only or read-write permissions and optional expiry dates
- Team management — invite team members with granular role assignments
- OAuth applications — third-party OAuth integration with defined permission scopes
- Login notifications — email alerts on new sign-ins from unrecognized devices or locations
- Audit logs — account activity logs showing all actions taken on resources
Contact Us
For questions about product security features or to report a vulnerability, contact us at [email protected].