Security

Structurizr is built using a number of cloud-based services including Pivotal Web Services, ClearDB and SendGrid. This page describes how your data is secured and the data storage options you have.

Password

Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.

API keys and secrets

Your API keys and secrets are stored encrypted, with a random salt.

Sharing token

The token used in workspace sharing links is also stored encrypted, with a random salt.

Workspaces

There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.

How is data stored by default?

Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server.

Can I encrypt my own data?

For additional peace of mind, we support client-side encryption.

Can I use Structurizr without uploading my software architecture model to the cloud?

Yes, options include local storage, the on-premises API and the on-premises UI.

Server locations

Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.

Data is stored in ClearDB, which is also hosted on Amazon EC2 US-East-1.