Security

Securing a public cloud platform like Fly.io is a hard problem, and we take it seriously. The Fly.io platform comes with built-in security like hardware isolation, private networking over WireGuard, and TLS termination.

Organization and app security

Security for customer organizations and apps.

• Use SSO for organizations: Set up org-wide Single Sign-on with Google or GitHub.
• Remove a member from an organization: Remove a user from an organization and take steps to help keep the organization secure.
• Built-in TLS termination: You get TLS termination by default for your web apps.

Security extensions

Security add-ons from our extension partners.

• Application Security by Arcjet: Use the Arcjet security layer to protect your JavaScript app with just a few lines of code.

Tokens

Control access to your Fly.io organizations, apps, and Machines with tokens.

• Access tokens: Use tokens to manage access to organizations and apps.
• OpenID Connect: Use OpenID Connect (OIDC) to manage access to 3rd party services.

Fly.io platform security

Fly.io corporate security, compliance, and shared responsibility.

• Shared responsibility model: An overview of the separation of responsibilities for security on Fly.io.
• Fly.io security practices and compliance overview: Learn about our security practices for the Fly.io platform.

Talk to the security team

If you have a security question, concern, or believe you’ve found a vulnerability in any part of our infrastructure, please contact us. You can reach us at security@fly.io, and we can provide you with a Signal number if needed to convey sensitive information.