Help Center/ CodeArts Repo/ Service Overview/ Security/ Data Protection Technologies
Updated on 2024-07-10 GMT+08:00

Data Protection Technologies

CodeArts Repo uses multiple methods to secure data.

Method

Description

Reference

Transmission encryption (HTTPS)

A code repository hosted in CodeArts Repo is flushed to disks on the cloud to prevent people other than the data owner from accessing users' plaintext data and prevent data leakage on the cloud. The code encryption process is transparent to users. Users can use any official Git client to access the code repository on CodeArts Repo.

-

Key management

Deployment key and SSH key management ensures that the request is initiated by the request initiator so that users can only browse authorized data, securing data.

For details about the SSH key pair and how to obtain it, see SSH Key.

git-crypt encrypted transmission and storage

git-crypt is a third-party open-source software that can transparently encrypt and decrypt files in the Git repository.

It can encrypt and store specified files and file types. Developers can store encrypted files (such as confidential information or sensitive data) and shared code in the same repository and pull and push them like in a common repository. Only the person who has the corresponding file key can view the content of the encrypted files, but others are not restricted to read and write unencrypted files. For details about encrypted transmission and storage using git-crypt and how to obtain git-crypt, see About git-crypt.

Sensitive data anonymization and high-value data encryption

CodeArts Repo uses unified and accurate data to support applications and services for data security and privacy.

Logs and databases contain sensitive data, including but not limited to keys and account information. To prevent security issues caused by sensitive data leakage, the data is anonymized or encrypted. The principle is a hash function, which generates a digest for a piece of information to prevent tampering.

Anti-DDoS tool

Advanced Anti-DDoS (AAD) is a tool for defending against DDoS attacks. AAD can protect your servers against large volumetric DDoS attacks so your Internet services can keep being available.

AAD supports two traffic diversion modes: DNS resolution and IP address directing to protect website domain names and service ports. Based on the forwarding rules you configure for your services in AAD, AAD directs the DNS domain name resolution or service IP address to the AAD instance IP address or CNAME address for traffic diversion.

Access traffic from the public network preferentially passes through an AAD equipment room. Malicious attack traffic is cleaned and filtered in the AAD traffic cleaning center. Normal access traffic is returned to the origin server through port protocol forwarding, ensuring stable access to the origin server.

Traffic limiting

Traffic limiting can be used to limit the number of HTTP requests sent by a user within a specified period of time. Traffic limiting is used to protect upstream application servers from being overwhelmed by too many concurrent user requests.

CodeArts Repo mainly uses Nginx and APIGW flow controls. Nginx uses the leaky bucket algorithm to limit traffic. This algorithm is widely used in communication and packet switched computer networks to handle bursts when bandwidth is limited. APIGW flow control limits the number of times an API is called within a specified period to protect backend services and provide continuous and stable services.

Backup & DR

Backup and DR not only prevent data loss, but also ensure that services on the server are taken over after the server breaks down to ensure service continuity. This feature ensures that users can continuously use application services, service requests of users can run continuously, and services provided by the information system are complete, reliable, and consistent.

-

Hash-based shard storage

Hash-based sharded storage improves confidentiality and privacy. Data sets are divided into independent and orthogonal data subsets based on certain rules. Then, the data is randomly distributed to multiple nodes. No node can access the complete data. They contain only a part of the data.

-

Watermark

To prevent unauthorized photos, screenshots, or other means from spreading core assets, you can enable watermark settings.

For details about how to set watermarks, see Watermarks.

Backup

The repository backup operation secures code and prevents others from deleting code by mistake. There are two backup modes:

  • Back up the repository to another region of Huawei Cloud.
  • Back up the repository to your local computer.

For details about how to back up the repository, see Repository Backup.