root 2013-11-22 22:43:58 +00:00
commit 4c5bd55c13
7 changed files with 68 additions and 13 deletions


@ -100,11 +100,18 @@ def new():
def repository(): def repository():
return index('') return index('')
@app.route('/security/')
def security():
return index('')
@app.route('/v1') @app.route('/v1')
@app.route('/v1/') @app.route('/v1/')
def v1(): def v1():
return index('') return index('')
@app.route('/status', methods=['GET']) @app.route('/status', methods=['GET'])
def status(): def status():
return make_response('Healthy') return make_response('Healthy')


@ -523,8 +523,8 @@ html, body {
} }
.jumbotron .disclaimer-link { .jumbotron .disclaimer-link {
font-size: .5em; font-size: .3em;
vertical-align: top; vertical-align: 23px;
} }
.jumbotron .disclaimer-link:hover { .jumbotron .disclaimer-link:hover {


@ -435,16 +435,18 @@ quayApp = angular.module('quay', ['ngRoute', 'restangular', 'angularMoment', 'an
when('/repository/:namespace/:name/admin', {templateUrl: '/static/partials/repo-admin.html', controller:RepoAdminCtrl}). when('/repository/:namespace/:name/admin', {templateUrl: '/static/partials/repo-admin.html', controller:RepoAdminCtrl}).
when('/repository/', {title: 'Repositories', description: 'Public and private docker repositories list', when('/repository/', {title: 'Repositories', description: 'Public and private docker repositories list',
templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}). templateUrl: '/static/partials/repo-list.html', controller: RepoListCtrl}).
when('/user/', {title: 'Account Settings', description:'Account settings for Quay', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}). when('/user/', {title: 'Account Settings', description:'Account settings for Quay.io', templateUrl: '/static/partials/user-admin.html', controller: UserAdminCtrl}).
when('/guide/', {title: 'Guide', description:'Guide to using private docker repositories on Quay', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}). when('/guide/', {title: 'Guide', description:'Guide to using private docker repositories on Quay.io', templateUrl: '/static/partials/guide.html', controller: GuideCtrl}).
when('/plans/', {title: 'Plans and Pricing', description: 'Plans and pricing for private docker repositories on Quay', when('/plans/', {title: 'Plans and Pricing', description: 'Plans and pricing for private docker repositories on Quay.io',
templateUrl: '/static/partials/plans.html', controller: PlansCtrl}). templateUrl: '/static/partials/plans.html', controller: PlansCtrl}).
when('/signin/', {title: 'Sign In', description: 'Sign into Quay', templateUrl: '/static/partials/signin.html', controller: SigninCtrl}). when('/security/', {title: 'Security', description: 'Security features used when transmitting and storing data',
templateUrl: '/static/partials/security.html', controller: SecurityCtrl}).
when('/signin/', {title: 'Sign In', description: 'Sign into Quay.io', templateUrl: '/static/partials/signin.html', controller: SigninCtrl}).
when('/new/', {title: 'Create new repository', description: 'Create a new public or private docker repository, optionally constructing from a dockerfile', when('/new/', {title: 'Create new repository', description: 'Create a new public or private docker repository, optionally constructing from a dockerfile',
templateUrl: '/static/partials/new-repo.html', controller: NewRepoCtrl}). templateUrl: '/static/partials/new-repo.html', controller: NewRepoCtrl}).
when('/organizations/', {title: 'Organizations', description: 'Private docker repository hosting for businesses and organizations', when('/organizations/', {title: 'Organizations', description: 'Private docker repository hosting for businesses and organizations',
templateUrl: '/static/partials/organizations.html', controller: OrgsCtrl}). templateUrl: '/static/partials/organizations.html', controller: OrgsCtrl}).
when('/organizations/new/', {title: 'New Organization', description: 'Create a new organization on Quay', when('/organizations/new/', {title: 'New Organization', description: 'Create a new organization on Quay.io',
templateUrl: '/static/partials/new-organization.html', controller: NewOrgCtrl}). templateUrl: '/static/partials/new-organization.html', controller: NewOrgCtrl}).
when('/organization/:orgname', {templateUrl: '/static/partials/org-view.html', controller: OrgViewCtrl}). when('/organization/:orgname', {templateUrl: '/static/partials/org-view.html', controller: OrgViewCtrl}).
when('/organization/:orgname/admin', {templateUrl: '/static/partials/org-admin.html', controller: OrgAdminCtrl}). when('/organization/:orgname/admin', {templateUrl: '/static/partials/org-admin.html', controller: OrgAdminCtrl}).


@ -58,6 +58,9 @@ function PlansCtrl($scope, $location, UserService, PlanService) {
function GuideCtrl($scope) { function GuideCtrl($scope) {
} }
function SecurityCtrl($scope) {
}
function RepoListCtrl($scope, Restangular, UserService) { function RepoListCtrl($scope, Restangular, UserService) {
$scope.namespace = null; $scope.namespace = null;


@ -72,17 +72,16 @@
<i class="fa fa-lock"></i> <i class="fa fa-lock"></i>
<b>Secure</b> <b>Secure</b>
<span class="shoutout-expand"> <span class="shoutout-expand">
Store your private Docker containers where only you and your team Your data is transferred using <strong>SSL at all times</strong> and <strong>encrypted</strong> when at rest. More information available in our <a href="/security/">security guide</a>
can access it, with communication secured by <strong>SSL at all times</strong>
</span> </span>
</div> </div>
<div class="col-md-4 shoutout"> <div class="col-md-4 shoutout">
<i class="fa fa-user"></i> <i class="fa fa-group"></i>
<b>Shareable</b> <b>Shareable</b>
<span class="shoutout-expand"> <span class="shoutout-expand">
Have to share a repository? No problem! Share with anyone you choose Have to share a repository? No problem! Share with anyone you choose
</span> </span>
</div> </div>
<div class="col-md-4 shoutout"> <div class="col-md-4 shoutout">
@ -90,7 +89,7 @@
<b>Cloud Hosted</b> <b>Cloud Hosted</b>
<span class="shoutout-expand"> <span class="shoutout-expand">
Accessible from anywhere, anytime Accessible from anywhere, anytime
</span> </span>
</div> </div>
</div> <!-- row --> </div> <!-- row -->
</div> <!-- container --> </div> <!-- container -->
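Review bot: The new "Secure" shoutout says data is `<strong>encrypted</strong> when at rest` without qualification, which is broader than what the security partial added in this same commit supports. That page describes S3 server-side encryption for binary data only, and says service metadata (logins, tags, teams) is kept in a database, with no statement about encryption there. Either scope the sentence, for example `Your repository data is transferred using <strong>SSL at all times</strong> and <strong>encrypted</strong> at rest in S3.`, or state the database's at-rest protection on the security page. The sentence also ends at the `security guide` link with no closing period.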


@ -0,0 +1,44 @@
<div class="container">
<div class="row">
<div class="col-md-12">
<h1>Quay.io Security</h1>
<p>We understand that when you upload one of your repositories to Quay.io that you are trusting us with some potentially very sensitive data. On this page we will lay out our security features and practices to help you make an informed decision about whether you can trust us with your data.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>SSL Everwhere</h3>
<p>We expressly forbid connections to Quay.io using unencrypted HTTP traffic. This helps keep your data and account information safe on the wire. Our SSL traffic is decrypted on our application servers, so your traffic is encrypted even within the datacenter. We use a 4096-bit RSA key, and after the key exchange is complete, traffic is transferred using 256-bit AES, for the maximum encryption strength.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>Encryption</h3>
<p>Our binary data is currently stored in Amazon's <a href="http://aws.amazon.com/s3/">S3</a> service. We use HTTPS when transferring your data internally between our application servers and S3, so your data is never exposed in plain text on any wire. We use their <a href="http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html">server side encryption</a> to protect your data while stored at rest in their data centers.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>Passwords</h3>
<p>There have been a number of high profile leaks recently where companies have been storing their customers' passwords in plain text, an unsalted hash, or a <a href="http://en.wikipedia.org/wiki/Salt_(cryptography)">salted hash</a> where every salt is the same. At Quay.io we use the <a href="http://en.wikipedia.org/wiki/Bcrypt">bcrypt</a> algorithm to generate a salted hash from your password, using a unique salt for each password. This method of storage is safe against <a href="http://en.wikipedia.org/wiki/Rainbow_table">rainbow attacks</a> and is obviously superior to plain-text storage. Your credentials are also never written in plain text to our application logs, a leak that is commonly overlooked.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>Access Controls</h3>
<p>Repositories will only ever be shared with people to whom you delegate access. Repositories created from the Docker command line are private by default and repositories must subsequently made public with an explicit action in the Quay.io UI. We have a test suite which is run before every code push which tests all methods which expose private data with all levels of access to ensure nothing is accidentally leaked.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>Firewalls</h3>
<p>Our application servers and database servers are all protected with firewall settings that only allow communication with known hosts and host groups on sensitive ports (e.g. SSH). None of our servers have SSH password authentication enabled, preventing brute force password attacks.</p>
</div>
</div>
<div class="row">
<div class="col-md-12">
<h3>Data Resilience</h3>
<p>While not related directly to security, many of you are probably worried about whether you can depend on the data you store in Quay.io. All binary data that we store is stored in Amazon S3 at the highest redundancy level, which Amazon claims provides <a href="http://aws.amazon.com/s3/faqs/#How_is_Amazon_S3_designed_to_achieve_99.999999999%_durability">11-nines of durability</a>. Our service metadata (e.g. logins, tags, teams) is stored in a database which is backed up nightly, and backups are preserved for 7 days.</p>
</div>
</div>
</div>
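Review bot: Every outbound link in this new partial uses plain `http://` (the two AWS links, the S3 durability FAQ and the three Wikipedia articles), which sits badly on a page whose first section promises SSL everywhere. Prefer `https://` wherever the target serves it, e.g. `<a href="https://en.wikipedia.org/wiki/Bcrypt">bcrypt</a>`. The durability link's fragment contains a bare `%` (`99.999999999%_durability`), which is not a valid percent-escape and should be written `%25`. Two copy errors are worth fixing on a trust-building page: the heading `<h3>SSL Everwhere</h3>` should read `SSL Everywhere`, and "repositories must subsequently made public" is missing "be".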


@ -93,7 +93,7 @@ mixpanel.init(isProd ? "50ff2b2569faa3a51c8f5724922ffb7e" : "38014a0f27e7bdc3ff8
<li><a href="http://blog.devtable.com/">Blog</a></li> <li><a href="http://blog.devtable.com/">Blog</a></li>
<li><a href="/tos" target="_self">Terms of Service</a></li> <li><a href="/tos" target="_self">Terms of Service</a></li>
<li><a href="/privacy" target="_self">Privacy Policy</a></li> <li><a href="/privacy" target="_self">Privacy Policy</a></li>
<li><a href="/guide/">User Guide</a></li> <li><a href="/security/">Security</a></li>
<li><b><a href="mailto:support@quay.io">Contact Support</a></b></li> <li><b><a href="mailto:support@quay.io">Contact Support</a></b></li>
</ul> </ul>
</div> </div>