digitalocean/security

digitalocean/security

Stars: 4

Forks: 1

Open issues: 0

Created: 2020-04-21T18:37:37Z

Pushed: 2026-03-06T10:02:34Z

Default branch: main

Fork: no

Archived: no

README:

DigitalOcean Security

If you have found a security vulnerability in a DigitalOcean product, please submit it via our Intigriti bug bounty program: .

If you are a partner attempting to report a security concern via embargo, email us at [security@digitalocean.com](mailto:security@digitalocean.com).

If you wish to encrypt your communication, you may do so via encrypting a message to [security@digitalocean.com](mailto:security@digitalocean.com) with either the [Age public key](/age_public_key.txt) or [GPG public key](/GPG_public_key.txt) in this repo.

Encrypted communications

We strongly recommend you leverage for encrypted communications and avoid GPG.

1. Generate a public-private keypair.

age-keygen -pq -o secret_key.txt

1. Encrypt your message with our public key. Ensure your output is PEM-encoded with the --armor` flag.

age -R age_public_key.txt --armor message.txt > message.txt.age
# or
age -R age_public_key.txt --armor message.txt.age

2. Email the message.txt.age to us at [security@digitalocean.com](mailto:security@digitalocean.com). 3. We will respond to any encrypted communications with an encrypted response. Decrypt a message with:

age -d -i your_secret_key.txt response.txt.age > message.txt

You can also store your private key in a password manager like 1Password and decrypt messages similarly to the following:

age -d -i message.txt

If you must, you may also send us GPG-encrypted communication using the GPG_public_key.txt file in this repository.