Authentication
- Use strong passwords
- Enable MFA
- Rotate API keys regularly
- Use SSH keys (not passwords)
Network security
- Enable HTTPS/TLS
- Configure firewall rules
- Use a VPN (Headscale)
- Restrict API access
Data security
- Encrypt data at rest
- Regular backups
- Secure secrets management
- Audit logging
Updates
- Keep software updated
- Monitor security advisories
- Test updates in staging
- Have a rollback plan
