Security Settings

Security is critical

Properly configuring security settings is essential for protecting your secrets from unauthorized access.

Accessing Security Settings

  1. Log in to ByteHide Cloud
  2. Select your Secrets project
  3. Click on the Settings tab
  4. Navigate to the Security Settings section

IP Whitelisting

Restrict access to your secrets based on IP addresses:

  1. In the IP Whitelist section, click Add Header
  2. Enter an IP address or CIDR range (e.g., 192.168.1.1 or 10.0.0.0/24)
  3. Click Save

Only requests from whitelisted IP addresses will be allowed to access your secrets.

Managing Multiple IPs

You can add multiple IP addresses or ranges:

  • Add each IP address separately
  • Use CIDR notation for IP ranges
  • Include your office, remote workers, and CI/CD servers
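
An added example (not ByteHide code) for reviewing an allowlist before you enter it: it validates each entry as a single address or CIDR range, flags entries that cover more than intended, and models which source addresses the list would admit. The thresholds, function names and the assumption that the service sees your public egress address rather than a private one are illustrative, not taken from ByteHide.

```python
import ipaddress

# RFC 1918 private ranges; a cloud-hosted service normally sees the public
# egress (NAT) address instead (assumption about the deployment).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = {4: 16, 6: 48}  # assumed review thresholds, not ByteHide limits


def audit_entry(entry):
    """Return (network or None, findings) for one allowlist entry."""
    text = entry.strip()
    try:
        net = ipaddress.ip_network(text, strict=True)
        findings = []
    except ValueError:
        try:
            # Host bits set, e.g. 198.51.100.7/24: report the real coverage.
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            return None, ["invalid: not an IP address or CIDR range"]
        findings = [f"host bits set: covers all of {net}"]
    if net.prefixlen == 0:
        findings.append("matches every address: the allowlist has no effect")
    elif net.prefixlen < MIN_PREFIX[net.version]:
        findings.append(f"very broad range: {net.num_addresses} addresses")
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
        findings.append("private range: will not match traffic from the internet")
    return net, findings


def is_allowed(source_ip, entries):
    """Model typical allowlist matching: allowed if any valid entry contains it."""
    addr = ipaddress.ip_address(source_ip)
    nets = [audit_entry(e)[0] for e in entries]
    return any(n is not None and n.version == addr.version and addr in n
               for n in nets)


if __name__ == "__main__":
    # Constructed sample list; addresses are documentation/example values.
    sample = ["203.0.113.10", "198.51.100.0/24", "10.0.0.0/24",
              "198.51.100.7/24", "0.0.0.0/0", "not-an-ip"]
    for e in sample:
        print(f"{e:18} {audit_entry(e)[1] or ['ok']}")
    print("192.0.2.1 allowed:", is_allowed("192.0.2.1", sample[:4]))
```

Running the same check against the saved list during periodic reviews catches entries for offices or CI/CD servers that have since changed address.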

Custom Headers

Add an extra layer of security with custom headers:

  1. In the Custom Headers section, click Add Header
  2. Enter a header name (e.g., X-API-Key)
  3. Enter a header value
  4. Click Save

API requests to the ByteHide service must include these headers to be authorized.

Access Control

Manage who can access your project:

  1. In the Organization tab, navigate to the Teams & Members section
  2. Add team members by email address
  3. Assign appropriate roles
  4. Click Save

Role-Based Access

ByteHide supports different access levels:

  • Owner: Full access to all project settings and secrets
  • Manager: Can view and edit secrets but not change security settings
  • Member: Can only view secrets, not edit them

You can group members into teams and select which teams have access to your Secrets project (see dot 4 in the image).

Audit Logging

Review all actions taken in your project:

  1. In the Settings tab, navigate to the Audit Logs section
  2. View a chronological list of all actions
  3. Filter by user, action type, or date range

Audit logs help you track who accessed or modified your secrets and when.

API Token Management

Manage the API tokens used to access your secrets:

  1. In the Settings tab, navigate to the API Tokens section
  2. View all active tokens
  3. Revoke tokens that are no longer needed
  4. Create new tokens with specific permissions

Token Rotation

Regularly rotate your tokens for enhanced security:

  1. Create a new token
  2. Update your applications to use the new token
  3. Revoke the old token after confirming everything works

Two-Factor Authentication

Enable two-factor authentication for your ByteHide account:

  1. Go to your account settings
  2. Navigate to the Security section
  3. Enable two-factor authentication
  4. Follow the setup instructions

This adds an extra security layer when logging in to manage your secrets.

Notification Settings

Configure security notifications:

  1. In the Settings tab, navigate to the Notifications section
  2. Enable notifications for security events
  3. Add email addresses or webhook URLs
  4. Select which events trigger notifications

Important security events include:

  • Failed login attempts
  • Secret modifications
  • Security setting changes
  • New API token creation

Best Security Practices

Least Privilege

Follow the principle of least privilege:

  • Grant minimal access required for each user
  • Regularly review and audit access permissions
  • Remove access when no longer needed

Regular Audits

Conduct regular security audits:

  • Review all access logs
  • Check for unusual patterns
  • Verify IP whitelist entries
  • Rotate API tokens

Environment Isolation

Apply different security settings for different environments:

  • Strict controls for production
  • Appropriate controls for development and testing
