Security

In case you're curious, here's an overview of what we do to keep your data secure:

  • All data in transit over a public network is protected by SSL/TLS
  • All server access is controlled by SSH keys (password authentication is disabled)
  • Customer passwords are not stored in cleartext
  • Error data we receive via our API endpoints is purged after 180 days
  • Our client libraries give you control over the data you send us.

Data at rest is stored in cleartext on our dedicated servers and on AWS.

Authenticating requests from Honeybadger

Requests sent from Honeybadger servers for source maps, web hooks, and uptime checks include the header Honeybadger-Token which is a secret token derived from your api key. The Honeybadger token may be used to authenticate the request (note that this token will change if you reset your project API key):

Honeybadger-Token: your-token

You can find your token on the API Key tab in project settings.

Firewalls

To use Honeybadger behind a firewall, you'll need to configure your firewall to allow connections to our servers. Here's the list:

For exception monitoring

Whitelist the following IPs for outgoing traffic:

  • 34.196.34.99
  • 34.195.239.200
  • 34.193.240.253

For webhooks and sourcemaps

Whitelist these IP addresses for incoming traffic:

  • 34.196.34.99
  • 34.195.239.200
  • 34.193.240.253

For uptime monitoring

We use a dynamic range of IPs for uptime monitoring. Please use the Honeybadger-Token header, described above, to authenticate requests coming from our servers.

Reporting Issues

If you've noticed a possible security issue, please let us know at support@honeybadger.io.

For sensitive information, please feel free to encrypt your message with our public key, below.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.4
Comment: Hostname: keyserver.witopia.net
mQENBFMxtAABCADtxZQQ5QDYs4mHl3SxwwfdvhZTbchsQglkFfzfNRM0YcCEjsfBQh101ReF
kYVMsuf8R/Np6R5neWkEuFMpXFmxBeBlTwkquN2Q+H9Q5ZoaBS2rks+yRrEHUSNvkb4F7wU6
WABnN03RCBwHb4fc09OZeMu04UXHbqqUf7WwA9oGahKSan/Typazd/PqXH1Kgu+LSLig4CvT
wiDulVsKjQf6RUV8Ae/e5NwJt+uT66zLpayqstj0xioa96Vpf8GaqTV/87iN8AwmjKrk/vDA
QRF4e/xUBCurwm+xNUV/dtg3UsMl0uWjvLrqVv1noIfF0PF1XvbKaA3WU2J5adu6ckqRABEB
AAG0LEhvbmV5YmFkZ2VyIFN1cHBvcnQgPHN1cHBvcnRAaG9uZXliYWRnZXIuaW8+iQE+BBMB
AgAoBQJTMbQAAhsDBQkHhh+ABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRD37DtshnDP
JygcCACoge6Pe4OM+QA3GM3BPF06UNycp4+i3B5u5lsrHnSCkp3ZL10iNKRFSiIgLNV4xQGl
Gf4Red89lsoxF3X7SDOfX9NcqGHOCvwxIjOZeWVKNPYyCVh0m+P3bHjSJnTnWo6irtTU+u4k
1OnGKQo8t0Hz9OuLSzwISbCM4PouXPfZV+1eFQVnWhA+TY65YReptcW2HhpvvYpVI+KmItxS
OUdmIUrW0fTYGD4BVRbeajHyqTRFN1bicSzW6JjTBT+NjN06x3C/VbdcF0BPvcij/02QK+d5
2Nw8oYqQ+M4n7aXYJ2XqM8ssomS6w7GsfNTlScVT7dboDxjTJANOWXgDbZTIuQENBFMxtAAB
CADLh5WU0t7gfF/YluQ3P3eLTs9pAzzvqJacaWH48qSUGqWmNtFHsukHuiAjO+QxmJb1loZg
j3Ms5FnQO1UaoZn63DZWgA2cP07p/bWOyFbpsRKKNEqsrd87A04RAHDVj8m8evTBgVSjNH+E
foJfy07AgNghNrZ5r5HrJdCoDYon3K3MkTAks1TMuDH7DPp1jPPvgWgCIqlRl+ZI9g0xr7z/
l+fc3c1ocZkrCL/nrRVLYrwwMnG+EcurmHufyhCz28k5pbD+GnQx2XEa3UQ2SouZGqaPQNLr
srQ7oQkVXHLE/6cL5sB2XtADDjlkjrUdVGmTecR79iMRMMkQaA6Fdc1nABEBAAGJASUEGAEC
AA8FAlMxtAACGwwFCQeGH4AACgkQ9+w7bIZwzyfczQf/bKEqfrnI+hNoIrhXy7aA6IiX+qts
aajJzooXMylt4xud167tCQ4wFwYxt6AbXGw2LuXT05pmxUuFnU/qMAyCTrZDnXLsYH3r3I/I
+ZxQx0IahYfLozHaNdp5vgwJiwsjO7+QZ7e5/ag9Iug32Uia1dJPacgQ+9B3AeZezgrHBg1d
RDgEnHyt2cmWnD2BMmb7zXZfOm06e8YGBFkF0xu3KtaeL9dnaHAwL8CmUyCmVw1ROGSafREO
xL6NHoU8EAohRfl60sAJicGzIHEAC+fnrurbydujRNIfefVKSrUrtga1ecnGwmuJ8tkkqBG+
8V91oWhXm31mcAgXnNiN7c+GPA==
=hyOf
-----END PGP PUBLIC KEY BLOCK-----

Hall of Fame

We'd like to thank the following people for helping us keep Honeybadger secure:

  • Manish Bhattacharya - @umenmactech
  • Jayson Zabate
  • Aditya Agrawal - @exploitprotocol
  • Evan Ricafort
  • Osanda Malith Jayathissa - @OsandaMalith
  • Madhu Akula - @madhuakula
  • Abdul Wasay
  • Shivam Kumar Agarwal - @netanalysts
  • Sumit Sahoo
  • Adam Enger
  • Sajibe Kanti - @Sajibekantibd
  • Md. Nur A Alam Dipu - @Dipu1A
  • Pethuraj M