Is it safe to host many droplets in one digital ocean account?

twitter logo ・1 min read

Is it safe to host 100 droplets in one digital ocean account? I know you can do 2-factor authentication. I’m just wondering about the security because if someone simply breaks into your account or gets the password they can basically delete all your droplets in one session.

twitter logo DISCUSS (2)
markdown guide
 

I would:

  • Divide your operation deployments into "staging" versus "production".
  • Also divide according to security domain.

The latter means that if a set of droplets, or containers, or servers, or services should have access to a different set of information than another, host them separately. You wouldn't host your accounting software for your business in the same account as the service you offer customers, as an obvious example.

But also, you might note that a security domain changes based on who needs access to the droplets (etc) within it.

Too many accounts, though, will prove difficult to manage and that in turn will probably lower security.

If you have more than 3 or 4 security domains you're probably dividing too finely.

 

I think the overhead of managing droplets across accounts outweighs the security benefits, especially if you enable 2FA. I also recommend you use a password manager like 1Password or LastPass to generate strong passwords for you.

Classic DEV Post from Feb 25

The Best Way to Advance Your Career

Where I answer a query from one of my awesome readers about how to advance your career based on my experience.

Omar Elbaga profile image
Head of digital product. In love with everything made for the web.