Is it safe to host many droplets in one digital ocean account?

惻1 min read

Is it safe to host 100 droplets in one digital ocean account? I know you can do 2-factor authentication. Iā€™m just wondering about the security because if someone simply breaks into your account or gets the password they can basically delete all your droplets in one session.

DISCUSS (2)
 

I would:

  • Divide your operation deployments into "staging" versus "production".
  • Also divide according to security domain.

The latter means that if a set of droplets, or containers, or servers, or services should have access to a different set of information than another, host them separately. You wouldn't host your accounting software for your business in the same account as the service you offer customers, as an obvious example.

But also, you might note that a security domain changes based on who needs access to the droplets (etc) within it.

Too many accounts, though, will prove difficult to manage and that in turn will probably lower security.

If you have more than 3 or 4 security domains you're probably dividing too finely.

 

I think the overhead of managing droplets across accounts outweighs the security benefits, especially if you enable 2FA. I also recommend you use a password manager like 1Password or LastPass to generate strong passwords for you.

Classic DEV Post from Oct 24 '18

Why I like dev.to

This was originally going to be a post about dev.to's strengths and weaknesses....

Head of digital product. In love with everything made for the web.