Security
Security guidance for protecting credentials and data in Dango projects.
Overview
This section covers:
- How Dango handles credentials securely
- What you need to do to protect your data
- Best practices for production deployments
Security Model
What Dango Handles
Dango implements several security measures automatically:
| Feature | Description |
|---|---|
| Authentication | Password login with optional 2FA, OAuth (Google/GitHub), API keys |
| Role-Based Access Control | 3 roles (Admin, Editor, Viewer) with 29 named permissions |
| Brute-Force Protection | Account lockout after 5 failed attempts, rate limiting |
| Audit Logging | 44 security event types logged to append-only JSONL |
| Credential Storage | API keys stored in .dlt/secrets.toml |
| OAuth Tokens | Auto-refresh for Google; tokens stored securely |
| Credential Masking | Secrets masked in logs and UI |
| Cloud Hardening | SSH key-only, fail2ban, auto-TLS, unattended upgrades |
What You Must Do
Security is a shared responsibility:
| Your Responsibility | How |
|---|---|
| Set strong passwords | Use a password manager; min 8 chars, avoid common passwords |
| Enable 2FA | Set up TOTP for admin accounts |
| Protect API keys | Never commit to git |
| Secure secrets.toml | Add to .gitignore |
| Review audit logs | Check for suspicious activity regularly |
| Backup securely | Encrypt sensitive backups |
Security Guides
- Authentication: How Dango authentication works: passwords, sessions, and login flows.
- Users & Roles: Manage users with admin, editor, and viewer roles.
- Two-Factor Auth: TOTP-based two-factor authentication for enhanced security.
- Credential Management: How Dango stores and manages API keys and credentials.
- OAuth Tokens: OAuth token lifecycle and security considerations.
- Hardening Guide: Security hardening for production and cloud deployments.
- Audit Logging: Track security-relevant events with the audit log.
- Best Practices: Security best practices for Dango projects.
Quick Security Checklist
Before Starting
- Create .gitignore with credential patterns
- Understand where secrets are stored
- Plan credential rotation strategy
During Development
- Use environment variables for sensitive values
- Never hardcode credentials
- Review commits before pushing
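The "Before Starting" and "During Development" items above can be turned into two small pre-push checks. The script below is an added example, not Dango's own tooling: it appends credential patterns to .gitignore idempotently (only `.dlt/secrets.toml` comes from this page; the other patterns are assumed, typical additions), confirms a given path is listed, and flags assignments that look like hardcoded credentials while leaving values read from the environment alone. The helper names and the regular expression are this example's own choices.

```shell
#!/bin/sh
# Added example (not Dango's own code). Function names, the pattern list
# beyond .dlt/secrets.toml, and the secret regex are assumptions.
set -u

# Credential patterns this example assumes a Dango project should ignore.
CREDENTIAL_PATTERNS='.dlt/secrets.toml
.env
*.pem
*.key'

# An assignment of a quoted literal of 8+ characters to a credential-looking
# name, e.g. api_key = "sk-...". A leading $ in the value (shell/TOML-style
# environment reference) is excluded so "${API_KEY}" is not flagged.
SECRET_RE="(api[_-]?key|secret|password|token)[[:space:]]*[=:][[:space:]]*[\"'][^\"'\$]{8,}[\"']"

# write_gitignore FILE: append each credential pattern that is not already
# present verbatim, so the function can be re-run safely.
write_gitignore() {
  file="$1"
  [ -f "$file" ] || : > "$file"
  printf '%s\n' "$CREDENTIAL_PATTERNS" | while IFS= read -r pat; do
    grep -qxF -- "$pat" "$file" || printf '%s\n' "$pat" >> "$file"
  done
}

# gitignore_covers FILE PATTERN: succeed if PATTERN appears as a whole line.
gitignore_covers() {
  grep -qxF -- "$2" "$1"
}

# scan_for_secrets FILE...: print offending lines with line numbers and
# return 1 if any file contains a hardcoded-credential-looking assignment.
# Intended as a "review commits before pushing" gate, e.g. over
# `git diff --cached --name-only`.
scan_for_secrets() {
  found=0
  for f in "$@"; do
    if grep -nEi -- "$SECRET_RE" "$f"; then
      found=1
    fi
  done
  return $found
}

# Usage (constructed sample input):
#   write_gitignore .gitignore
#   gitignore_covers .gitignore .dlt/secrets.toml && echo "secrets.toml ignored"
#   scan_for_secrets pipeline.py || echo "possible hardcoded credential"
```

Run `scan_for_secrets` over the staged file list in a pre-push hook; a non-zero exit blocks the push so the line can be replaced with an environment lookup or moved into `.dlt/secrets.toml`.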
For Production
- Enable two-factor authentication for all admin accounts
- Configure session timeouts for cloud
- Set up IP restriction or Cloudflare proxy
- Set a domain for auto-TLS
- Review audit logs regularly
- Set up uptime monitoring
- Secure backup storage
Security Boundaries
In Scope (This Documentation)
- Authentication (passwords, OAuth, API keys, sessions)
- Two-factor authentication (TOTP)
- Role-based access control (Admin, Editor, Viewer)
- Credential storage and OAuth token management
- Audit logging
- Cloud hardening (SSH, TLS, fail2ban, firewall)
- Git security patterns
Out of Scope
The following are not currently covered:
- Enterprise authentication (SSO, LDAP)
- Row-level security / database access control
- Network-level DDoS protection (recommend IP restriction or Cloudflare)
Reporting Security Issues
If you discover a security vulnerability:
- Do not open a public GitHub issue
- Email security concerns to the maintainers
- Include reproduction steps
- Allow time for a fix before disclosure
Next Steps
- Authentication - How Dango authentication works
- Users & Roles - User management and permissions
- Credential Management - How credentials are stored
- Hardening Guide - Production security recommendations