Security

Structurizr is built using a number of cloud-based services including Pivotal Web Services, Amazon RDS and SendGrid. This page describes how your data is secured and the data storage options you have.

Password

Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.

API keys and secrets

Your API keys and secrets are stored encrypted, with a random salt.

Sharing token

The token used in workspace sharing links is also stored encrypted, with a random salt.

Workspaces

There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.

How is data stored by default?

Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server. A small quantity of metadata (workspace name, description and a low resolution thumbnail) is stored unencrypted to make rendering your dashboard page easier.

If applicable, the full resolution image versions of your software architecture diagrams are stored as non-public objects using AES-256 encryption in Amazon S3. These are used for the image embed feature.

Can I encrypt my own data?

For additional peace of mind, we support client-side encryption on paid plans.

Can I use Structurizr without uploading my software architecture model to the cloud?

Yes, options include local storage and the on-premises installation.

Server locations

Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.

Data is stored in Amazon RDS and S3, which is also hosted in US-East-1.