Security

Structurizr is built using a number of cloud-based services including Pivotal Web Services, Amazon RDS and SendGrid. This page describes how your data is secured and the data storage options you have.

Password

Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.

API keys and secrets

Your API keys and secrets are stored encrypted, with a random salt.

Sharing token

The token used in workspace sharing links is also stored encrypted, with a random salt.

Workspaces

There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.

How is data stored by default?

Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server. A small quantity of metadata (workspace name, description and a low resolution thumbnail) is stored unencrypted to make rendering your dashboard page easier.

Can I encrypt my own data?

For additional peace of mind, we support client-side encryption on paid plans.

Can I use Structurizr without uploading my software architecture model to the cloud?

Yes, paid options include local storage, the on-premises API and the on-premises UI.

Server locations

Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.

Data is stored in Amazon RDS, which is also hosted on Amazon EC2 US-East-1.