diff --git a/endpoints/web.py b/endpoints/web.py index 3c6c5e07b..347969268 100644 --- a/endpoints/web.py +++ b/endpoints/web.py @@ -100,11 +100,18 @@ def new(): def repository(): return index('') + +@app.route('/security/') +def security(): + return index('') + + @app.route('/v1') @app.route('/v1/') def v1(): return index('') + @app.route('/status', methods=['GET']) def status(): return make_response('Healthy') diff --git a/static/css/quay.css b/static/css/quay.css index 15ae81f66..593c17020 100644 --- a/static/css/quay.css +++ b/static/css/quay.css @@ -523,8 +523,8 @@ html, body { } .jumbotron .disclaimer-link { - font-size: .5em; - vertical-align: top; + font-size: .3em; + vertical-align: 23px; } .jumbotron .disclaimer-link:hover { diff --git a/static/js/app.js b/static/js/app.js index 121f5aee3..ebcc79e01 100644 --- a/static/js/app.js +++ b/static/js/app.js @@ -435,16 +435,18 @@ quayApp = angular.module('quay', ['ngRoute', 'restangular', 'angularMoment', 'an when('/repository/:namespace/:name/admin', {templateUrl: '/static/partials/repo-admin.html', controller:RepoAdminCtrl}). when('/repository/', {title: 'Repositories', description: 'Public and private docker repositories list', templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}). - when('/user/', {title: 'Account Settings', description:'Account settings for Quay', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}). - when('/guide/', {title: 'Guide', description:'Guide to using private docker repositories on Quay', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}). - when('/plans/', {title: 'Plans and Pricing', description: 'Plans and pricing for private docker repositories on Quay', + when('/user/', {title: 'Account Settings', description:'Account settings for Quay.io', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}). + when('/guide/', {title: 'Guide', description:'Guide to using private docker repositories on Quay.io', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}). + when('/plans/', {title: 'Plans and Pricing', description: 'Plans and pricing for private docker repositories on Quay.io', templateUrl: '/static/partials/plans.html', controller: PlansCtrl}). - when('/signin/', {title: 'Sign In', description: 'Sign into Quay', templateUrl: '/static/partials/signin.html', controller: SigninCtrl}). + when('/security/', {title: 'Security', description: 'Security features used when transmitting and storing data', + templateUrl: '/static/partials/security.html', controller: SecurityCtrl}). + when('/signin/', {title: 'Sign In', description: 'Sign into Quay.io', templateUrl: '/static/partials/signin.html', controller: SigninCtrl}). when('/new/', {title: 'Create new repository', description: 'Create a new public or private docker repository, optionally constructing from a dockerfile', templateUrl: '/static/partials/new-repo.html', controller: NewRepoCtrl}). when('/organizations/', {title: 'Organizations', description: 'Private docker repository hosting for businesses and organizations', templateUrl: '/static/partials/organizations.html', controller: OrgsCtrl}). - when('/organizations/new/', {title: 'New Organization', description: 'Create a new organization on Quay', + when('/organizations/new/', {title: 'New Organization', description: 'Create a new organization on Quay.io', templateUrl: '/static/partials/new-organization.html', controller: NewOrgCtrl}). when('/organization/:orgname', {templateUrl: '/static/partials/org-view.html', controller: OrgViewCtrl}). when('/organization/:orgname/admin', {templateUrl: '/static/partials/org-admin.html', controller: OrgAdminCtrl}). diff --git a/static/js/controllers.js b/static/js/controllers.js index 813b3ee29..9ac49b60c 100644 --- a/static/js/controllers.js +++ b/static/js/controllers.js @@ -58,6 +58,9 @@ function PlansCtrl($scope, $location, UserService, PlanService) { function GuideCtrl($scope) { } +function SecurityCtrl($scope) { +} + function RepoListCtrl($scope, Restangular, UserService) { $scope.namespace = null; diff --git a/static/partials/landing.html b/static/partials/landing.html index e5165fc88..d805f94bb 100644 --- a/static/partials/landing.html +++ b/static/partials/landing.html @@ -72,17 +72,16 @@ Secure - Store your private Docker containers where only you and your team - can access it, with communication secured by SSL at all times + Your data is transferred using SSL at all times and encrypted when at rest. More information available in our security guide
- + Shareable Have to share a repository? No problem! Share with anyone you choose - +
@@ -90,7 +89,7 @@ Cloud Hosted Accessible from anywhere, anytime - +
diff --git a/static/partials/security.html b/static/partials/security.html new file mode 100644 index 000000000..73e599aff --- /dev/null +++ b/static/partials/security.html @@ -0,0 +1,44 @@ +
+
+
+

Quay.io Security

+

We understand that when you upload one of your repositories to Quay.io that you are trusting us with some potentially very sensitive data. On this page we will lay out our security features and practices to help you make an informed decision about whether you can trust us with your data.

+
+
+
+
+

SSL Everwhere

+

We expressly forbid connections to Quay.io using unencrypted HTTP traffic. This helps keep your data and account information safe on the wire. Our SSL traffic is decrypted on our application servers, so your traffic is encrypted even within the datacenter. We use a 4096-bit RSA key, and after the key exchange is complete, traffic is transferred using 256-bit AES, for the maximum encryption strength.

+
+
+
+
+

Encryption

+

Our binary data is currently stored in Amazon's S3 service. We use HTTPS when transferring your data internally between our application servers and S3, so your data is never exposed in plain text on any wire. We use their server side encryption to protect your data while stored at rest in their data centers.

+
+
+
+
+

Passwords

+

There have been a number of high profile leaks recently where companies have been storing their customers' passwords in plain text, an unsalted hash, or a salted hash where every salt is the same. At Quay.io we use the bcrypt algorithm to generate a salted hash from your password, using a unique salt for each password. This method of storage is safe against rainbow attacks and is obviously superior to plain-text storage. Your credentials are also never written in plain text to our application logs, a leak that is commonly overlooked.

+
+
+
+
+

Access Controls

+

Repositories will only ever be shared with people to whom you delegate access. Repositories created from the Docker command line are private by default and repositories must subsequently made public with an explicit action in the Quay.io UI. We have a test suite which is run before every code push which tests all methods which expose private data with all levels of access to ensure nothing is accidentally leaked.

+
+
+
+
+

Firewalls

+

Our application servers and database servers are all protected with firewall settings that only allow communication with known hosts and host groups on sensitive ports (e.g. SSH). None of our servers have SSH password authentication enabled, preventing brute force password attacks.

+
+
+
+
+

Data Resilience

+

While not related directly to security, many of you are probably worried about whether you can depend on the data you store in Quay.io. All binary data that we store is stored in Amazon S3 at the highest redundancy level, which Amazon claims provides 11-nines of durability. Our service metadata (e.g. logins, tags, teams) is stored in a database which is backed up nightly, and backups are preserved for 7 days.

+
+
+
\ No newline at end of file diff --git a/templates/base.html b/templates/base.html index d0831634a..6379a452b 100644 --- a/templates/base.html +++ b/templates/base.html @@ -93,7 +93,7 @@ mixpanel.init(isProd ? "50ff2b2569faa3a51c8f5724922ffb7e" : "38014a0f27e7bdc3ff8
  • Blog
  • Terms of Service
  • Privacy Policy
    • -
  • User Guide
    • +
  • Security
  • Contact Support