Security
Security considerations for Kova deployments.
Authentication
All API requests require JWT authentication:
    curl -H "Authorization: Bearer TOKEN" \
      https://test.kovanetwork.com/api/v1/deployments
Tokens expire after 1 hour and must be refreshed.
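A client can check a token's remaining lifetime before each call and refresh early instead of waiting for a rejected request. The following is an added example, not Kova's own code: it assumes the token is a compact JWT carrying the standard `exp` claim (RFC 7519), and the function names and the 5-minute margin are hypothetical.

```python
import base64
import json
import time

REFRESH_MARGIN = 300  # assumed: refresh 5 minutes before expiry


def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) from a JWT without verifying it.

    The signature is NOT checked here; the API server does that. The value
    is only used client-side to decide when to refresh.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("JWT payload is not valid base64url JSON") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ValueError("JWT has no numeric exp claim")
    return int(exp)


def needs_refresh(token, now=None, margin=REFRESH_MARGIN):
    """True if the token is expired, about to expire, or unparseable."""
    now = time.time() if now is None else now
    try:
        return now >= jwt_expiry(token) - margin
    except ValueError:
        return True  # fail closed: fetch a fresh token, don't send a bad one


def make_sample_token(iat, lifetime=3600):
    """Constructed, unsigned sample token with a 1-hour lifetime (demo only)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"alg": "HS256", "typ": "JWT"}),
                     b64({"sub": "demo", "iat": iat, "exp": iat + lifetime}),
                     "constructed-signature"])
```

Decoding the payload locally is a scheduling aid only; it says nothing about whether the token is authentic.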
Container Isolation
Each deployment runs in an isolated Docker container:
- Network isolation: Containers can't access the host network
- Resource limits: CPU/memory enforced by Docker
- Filesystem isolation: No access to host filesystem
Secrets Management
Don't Use Environment Variables for Secrets
Environment variables are visible in the SDL manifest, so don't put secrets in them. For sensitive data, use one of the following instead:
- Use volume-mounted config files
- Connect to external secrets managers
- Use encrypted environment files
Network Security
- SSL/TLS: All public traffic is encrypted
- Internal traffic: Uses Docker internal network
- Port exposure: Only explicitly exposed ports are accessible
Best Practices
- Minimal permissions: Only expose necessary ports
- Regular updates: Keep container images updated
- Secret rotation: Regularly rotate API keys and passwords
- Monitoring: Watch logs for suspicious activity
- Input validation: Validate all user inputs in your application
Reporting Security Issues
If you discover a security vulnerability, please report it to security@kovanetwork.com.