ten31-database/SECURITY.md
2026-02-27 12:44:50 -06:00


Venture CRM Go-Live Security Checklist

1) Secrets and environment

  • Set CRM_ENV=production.
  • Set a strong CRM_SECRET_KEY (required in production mode).
  • Set CRM_CORS_ORIGIN to your exact app origin (not *).
  • Optional rate limits:
    • CRM_LOGIN_RATE_LIMIT_PER_MIN (default 20)
    • CRM_WRITE_RATE_LIMIT_PER_MIN (default 300)
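A preflight script for the settings above, added here as an example (it is not part of ten31-database). The 32-character minimum for the secret key and the origin shape scheme://host[:port] are my assumptions, not the project's rules.

```shell
#!/bin/sh
# Go-live preflight for the section 1 environment variables (added example,
# not project code). Assumed thresholds: secret key >= 32 chars, CORS origin
# = scheme://host[:port] with no path and no wildcard.

check_crm_env() {
  # Args: CRM_ENV CRM_SECRET_KEY CRM_CORS_ORIGIN [LOGIN_LIMIT] [WRITE_LIMIT]
  # Prints each failed check to stderr; returns 0 only when every check passes.
  mode="$1"; key="$2"; origin="$3"; login="${4:-20}"; write="${5:-300}"
  rc=0
  [ "$mode" = "production" ] ||
    { echo "CRM_ENV must be 'production' (got '$mode')" >&2; rc=1; }

  if [ -z "$key" ]; then
    echo "CRM_SECRET_KEY is required in production mode" >&2; rc=1
  elif [ "${#key}" -lt 32 ]; then   # assumed minimum length
    echo "CRM_SECRET_KEY is too short (${#key} chars, want >= 32)" >&2; rc=1
  fi

  case "$origin" in
    ""|*"*"*)  # empty or contains a wildcard: CORS would allow any site
      echo "CRM_CORS_ORIGIN must be an exact origin, not '$origin'" >&2; rc=1 ;;
    http://*/*|https://*/*)  # a path or trailing slash is not an origin
      echo "CRM_CORS_ORIGIN must be scheme://host[:port] only (got '$origin')" >&2; rc=1 ;;
    http://?*|https://?*) ;;  # exact origin: ok
    *)
      echo "CRM_CORS_ORIGIN must start with http:// or https:// (got '$origin')" >&2; rc=1 ;;
  esac

  for pair in "CRM_LOGIN_RATE_LIMIT_PER_MIN=$login" "CRM_WRITE_RATE_LIMIT_PER_MIN=$write"; do
    name="${pair%%=*}"; val="${pair#*=}"
    case "$val" in  # must be a positive integer
      ""|0|*[!0-9]*) echo "$name must be a positive integer (got '$val')" >&2; rc=1 ;;
    esac
  done
  return "$rc"
}

# Convenience wrapper: checks the variables exported in the current shell.
check_crm_env_from_environment() {
  check_crm_env "$CRM_ENV" "$CRM_SECRET_KEY" "$CRM_CORS_ORIGIN" \
    "$CRM_LOGIN_RATE_LIMIT_PER_MIN" "$CRM_WRITE_RATE_LIMIT_PER_MIN"
}

# Run as `sh preflight.sh --check` with the CRM_* variables exported.
if [ "${1:-}" = "--check" ]; then
  check_crm_env_from_environment && echo "environment looks ready for go-live"
fi
```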

2) Network access

  • Preferred: Tailscale private access.
  • Run the app on the local host machine; share it via the tailnet only.
  • Restrict OS firewall to Tailscale interface where possible.

3) TLS/HTTPS

  • If the app is exposed beyond the tailnet, place it behind an HTTPS reverse proxy (Caddy/Nginx/Traefik).
  • Do not expose raw HTTP directly to the internet.

4) Accounts and auth

  • Keep invite-only user creation through admin settings.
  • Rotate temporary passwords after onboarding.
  • Disable/deactivate stale users.

5) Backups and restore safety

  • Keep scheduled backups enabled.
  • Run backup verification after major updates.
  • Test restore in a non-primary copy before production restore.

6) Operational monitoring

  • Review activity feed and audit log regularly.
  • Watch 429 responses as an early signal of abuse or misconfiguration.