Security

Container Duck is designed with security as a default, not an afterthought. Every layer of the platform enforces isolation and authentication.

Authentication

Every request to every app is authenticated. There are no exceptions.

• JWT-based auth — Secure token-based authentication
• Automatic session management — Login once, access all your apps
• Cross-app SSO — Single sign-on across all apps in your project

Network Security

• Project isolation — Traffic between projects is blocked by default
• Traffic control — Apps only communicate when you explicitly allow it
• TLS everywhere — All traffic is encrypted in transit

Data Security

• Encrypted storage — Data at rest is encrypted
• Continuous backups — Your database is backed up continuously
• Point-in-time recovery — Restore to any second in the last 30 days

Infrastructure

• Your infrastructure — Container Duck runs on your servers, not shared cloud
• Open source — Every component is open source and auditable
• No vendor lock-in — Export your data and move anywhere, anytime