Security Overview

Temps provides multiple layers of security to protect your applications, data, and infrastructure.

For authentication (login methods, password reset, MFA), role-based access control, data encryption, and audit logging, see the dedicated pages in this section.


Transport Security

Automatic SSL/TLS

  • Free SSL Certificates — Automatic Let's Encrypt certificates for every domain
  • Auto-Renewal — Certificates renew automatically before expiration
  • TLS 1.3 — Latest encryption standards
  • Multiple Domains — Unlimited custom domains per project
  • HSTS — Automatic Strict-Transport-Security headers to enforce HTTPS

What You Need to Do

Point your domain to your Temps server. SSL is configured automatically — no certificate management required.


Access Control

Control Plane Admin Surface

The Temps control plane can split its HTTP surface across two listeners so admin/management routes bind to a private interface while public ingest endpoints stay reachable. See the Admin Listener guide for configuration, deployment recipes (SSH tunnel, Tailscale, reverse proxy), and the route classification.

IP Access Control

Control who can reach your applications:

Allow List

  • Only allow specific IP addresses or CIDR ranges
  • Ideal for internal tools or restricted-access applications
  • Takes effect immediately with no restart needed

Block List

  • Block known bad IPs or ranges
  • Useful for mitigating targeted attacks from specific sources

Configure both per project in the dashboard under Settings → Security.


Bot Protection

CAPTCHA Challenge

Protect your applications from automated traffic:

  • Automatic Detection — Triggers on suspicious traffic patterns
  • Manual Trigger — Enable per project or domain at any time
  • Session-Based — Users solve the challenge once per session, not per request

When it triggers:

  • High request rate from a single IP
  • Suspicious traffic patterns detected by the proxy
  • Manual configuration for public-facing registration or contact forms
  • Repeated failed login attempts

Application Security

Temps automatically adds the following protections to every deployed application:

Security Headers

Header                      Value                             Purpose
X-Content-Type-Options      nosniff                           Prevent MIME-type sniffing
X-Frame-Options             DENY                              Prevent clickjacking
Strict-Transport-Security   max-age=…; includeSubDomains      Enforce HTTPS
X-XSS-Protection            1; mode=block                     Enable browser XSS filter
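
To confirm a deployed application actually returns the headers listed above, the following added example (not part of Temps or its documentation) audits a raw HTTP response head against the table. The function names and both sample responses are constructed for illustration; because the page elides the HSTS max-age, the check only requires a positive value plus includeSubDomains.

```python
import re

def check_hsts(value):
    """True if max-age is a positive integer and includeSubDomains is set."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    ages = [re.fullmatch(r'max-age="?(\d+)"?', d) for d in directives]
    max_age = next((int(m.group(1)) for m in ages if m), 0)
    return max_age > 0 and "includesubdomains" in directives

# Expected values come from the Security Headers table on this page. The page
# elides the HSTS max-age, so only its form is checked, not a specific number.
EXPECTED = {
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "x-frame-options": lambda v: v.upper() == "DENY",
    "strict-transport-security": check_hsts,
    "x-xss-protection": lambda v: re.sub(r"\s+", "", v.lower()) == "1;mode=block",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Map each expected header to 'ok', 'missing', 'duplicate' or 'unexpected: <value>'."""
    headers, report = parse_headers(raw), {}
    for name, is_ok in EXPECTED.items():
        values = headers.get(name, [])
        if not values:
            report[name] = "missing"
        elif len(values) > 1:
            report[name] = "duplicate"  # e.g. set by both the app and a proxy
        else:
            report[name] = "ok" if is_ok(values[0]) else f"unexpected: {values[0]}"
    return report

# Constructed sample responses (the max-age number is made up for the example).
GOOD = ("HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nX-Frame-Options: DENY\r\n"
        "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
        "X-XSS-Protection: 1; mode=block\r\n\r\n")
BAD = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
       "Strict-Transport-Security: max-age=0\r\n"
       "X-XSS-Protection: 1; mode=block\r\nX-XSS-Protection: 0\r\n\r\n")
```

Feed `audit()` the response head captured from your own domain; any result other than `ok` points at a header that was overridden, duplicated, or stripped somewhere between the application and the client.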

Automatic Protections

  • Input Validation — All inputs validated at the API layer
  • SQL Injection Prevention — Parameterized queries throughout
  • XSS Protection — Output encoding on all rendered content
  • CSRF Protection — CSRF tokens on all state-changing requests

Best Practices

For Your Account

  • Enable Two-Factor Authentication (TOTP) on your account
  • Use magic links or SSO instead of passwords where possible
  • Review and revoke unused API keys regularly
  • Monitor the Audit Log for unexpected activity

For Your Applications

  • Use IP Allow Lists for internal tools and admin surfaces
  • Enable CAPTCHA for public-facing apps that are under bot pressure
  • Store sensitive values as secrets (encrypted env vars), not plain environment variables
  • Keep Temps updated — security patches ship in every release

For Your Infrastructure

  • Bind the admin listener to a private interface or VPN (see Admin Listener)
  • Use strong database passwords and restrict database network access
  • Back up your data regularly (see Backups)

Compliance

Data Privacy

Because Temps is self-hosted, you control all data:

  • Data stays on your own infrastructure — nothing is sent to third-party servers by default
  • Export your data at any time via API or database access
  • Delete data at any time; Temps does not retain copies

GDPR & Privacy

  • Data Minimization — Temps collects only what is necessary to operate the platform
  • User Consent — Integrate your own consent management; Temps does not impose one
  • Right to Access & Deletion — All user data is accessible and deletable via the API
  • Data Portability — Export data in standard formats (JSON, CSV)

Reporting Security Issues

If you discover a security vulnerability in Temps, please report it privately:

  • Do not post publicly until a fix is available
  • Email security@temps.sh with a description of the issue
  • Allow reasonable time for a fix before any public disclosure

We follow responsible disclosure principles and aim to respond within 48 hours.
