Your password is stored using a one-way hashing algorithm, called bcrypt, with a random salt.
API keys and secrets
Your API keys and secrets are stored encrypted, with a random salt.
The token used in workspace sharing links is also stored encrypted, with a random salt.
There are a number of options for storing your workspace data (the JSON representation), each of which has a different balance between security and usability.
How is data stored by default?
Your workspaces are stored on our servers using AES encryption with a 128-bit key, a random salt and a passphrase that resides on the server. A small quantity of metadata (workspace name, description and a low resolution thumbnail) is stored unencrypted to make rendering your dashboard page easier.
If applicable, the full resolution image versions of your software architecture diagrams are stored as non-public objects using AES-256 encryption in Amazon S3. These are used for the image embed feature.
Can I encrypt my own data?
For additional peace of mind, we support client-side encryption on paid plans.
Can I use Structurizr without uploading my software architecture model to the cloud?
Structurizr is deployed onto Pivotal Web Services Cloud Foundry, which is itself hosted on Amazon EC2 in US-East-1. You can find more information on the Pivotal Web Services Knowledge Base.
Data is stored in Amazon RDS and S3, which is also hosted in US-East-1.