Security
Authentication
S2 API requires an authentication token which can be generated and revoked from the dashboard, and has an expiry time at which it is automatically revoked.
S2 SDKs take care of supplying the authentication token automatically. If you are using curl or grpcurl, you can provide it with -H "Authorization: Bearer ${TOKEN}".
Encryption
Data in transit
S2 endpoints are secured by Transport Layer Security (TLS), and we always use TLS within S2 when data is transferred between services.
Data at rest
S2 does not use any local disks. Data at rest is encrypted by the cloud systems we rely on, e.g. S3’s native server-side encryption.
Lean into client-side record encryption for the strongest data protection.
On our roadmap: authenticated encryption of records at the edge service in S2, with a stream-specific key.
Responsible Disclosure
Ethical hackers and security researchers can report vulnerabilities to us at security@s2.dev.