Security
Security is the foundation of CloudRay. We designed our platform to let you manage your infrastructure without compromising on safety. This guide outlines our security architecture and answers common questions.
How We Protect Your Data
Secure Agent Connectivity
The CloudRay Agent is our recommended method for connecting servers. It is fully open source, so you can audit the code yourself on GitHub.
The Agent initiates a secure outbound connection to our platform. This means:
- You do not need to open inbound ports on your firewall.
- You do not need to expose SSH to the public internet.
- All traffic is encrypted via TLS 1.3.
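To check the outbound-only behaviour described above on your own server, the following added example (not CloudRay's code) parses `ss -Htnap` output and reports any listening socket owned by the agent, plus listeners bound to non-loopback addresses. The process name `cloudray-agent`, the allowed port 443 and the sample lines are assumptions made for illustration.

```python
import re

# Constructed sample of `ss -Htnap` output (not captured from a real host).
# "cloudray-agent" is an assumed process name; check the real one on your server.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=901,fd=6))
ESTAB 0 0 10.0.0.5:48122 203.0.113.10:443 users:(("cloudray-agent",pid=1432,fd=7))
ESTAB 0 0 10.0.0.5:22 198.51.100.7:53811 users:(("sshd",pid=2210,fd=4))
"""

PROC_RE = re.compile(r'\(\("([^"]+)"')  # first process name in the users:((...)) field


def parse_ss(text):
    """Yield (state, local_addr, local_port, peer_addr, peer_port, process) per socket line."""
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        m = PROC_RE.search(parts[5]) if len(parts) > 5 else None
        l_addr, _, l_port = local.rpartition(":")
        p_addr, _, p_port = peer.rpartition(":")
        yield state, l_addr, l_port, p_addr, p_port, (m.group(1) if m else "?")


def audit_agent(text, agent="cloudray-agent", allowed_ports=("443",)):
    """Return findings that contradict 'outbound-only' for the agent process."""
    findings = []
    for state, l_addr, l_port, p_addr, p_port, proc in parse_ss(text):
        if proc != agent:
            continue
        if state == "LISTEN":
            findings.append(f"agent listens on {l_addr}:{l_port}")
        elif state == "ESTAB" and p_port not in allowed_ports:
            findings.append(f"agent connected to unexpected port {p_addr}:{p_port}")
    return findings


def public_listeners(text):
    """Listening sockets bound to non-loopback addresses (candidates to firewall off)."""
    loopback = ("127.", "[::1]")
    return [(proc, f"{l_addr}:{l_port}") for state, l_addr, l_port, _, _, proc in parse_ss(text)
            if state == "LISTEN" and not l_addr.startswith(loopback)]


if __name__ == "__main__":
    print(audit_agent(SAMPLE_SS), public_listeners(SAMPLE_SS))
```

On a live host, feed it the output of `sudo ss -Htnap` instead of the sample; `-p` needs root to show processes owned by other users.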
SSH Key Encryption
If you choose to use SSH-based access, your private keys are encrypted at rest using industry-standard AES-256 encryption. They are used only when CloudRay needs to establish a connection to your server for a requested task.
Access Control
Role-Based Access
You retain full control over your servers. You can revoke CloudRay’s access at any time by:
- Uninstalling the Agent:
  curl -sSfL https://cloudray.io/uninstall.sh | sudo bash
- Removing the SSH key from CloudRay.
Frequently Asked Questions
Do you store my server passwords?
If you select password-based SSH authentication, credentials are encrypted at rest. However, we strongly recommend using SSH keys or the CloudRay Agent for better security.
What data does the Agent collect?
The Agent collects only specific system metrics (CPU, RAM, Disk usage) to provide real-time monitoring. It does not access your application code, databases, or customer data unless you explicitly create a script to do so.
Can I audit CloudRay’s actions?
Yes. All scripts that are run are logged. You can view these audit trails in the Runlogs section of your dashboard. Runlogs are retained for a set period based on your plan. During that period they cannot be manually deleted, which keeps the audit history tamper-proof.