Functions

Data Security

As part of DigitalOcean’s shared responsibility model, you are responsible for securing the data you store on our services.

For data security purposes, we recommend that you protect your DigitalOcean account credentials and set up individual user accounts with DigitalOcean Teams to help maintain proper access for your services. We also recommend that you secure your data in the following additional ways:

• Enable 2fa by default

• Use SSL/TLS to communicate with DigitalOcean resources, we recommend TLS 1.2 or higher

• Securely forward Functions logs

Encryption At Rest

User-sensitive data, such as Functions code and sensitive params that are passed to the Functions environment, is stored at rest in encrypted volumes in the database.

Encryption In Transit

Functions and App Platform integrations use HTTPS and TLS by default.

Logging and Monitoring

You can configure functions to forward console and error logs from the function to a third-party logging service. Functions support Papertrail, Datadog, and Logtail.

For more information on how to forward Functions logs for monitoring, please visit our How to Forward Logs Guide.

Compliance

Functions is audited by third-parties as part of DigitalOcean’s SOC 2 Type 2 report. For details on how to request access to this report, please visit our Trust Platform Certifications page.

Infrastructure Security

As a platform as a service offering, DigitalOcean maintains the security of the infrastructure that Functions are hosted on. For more details, please review our Infrastructure Security Overview page.

Data Center Location Availability

Functions are listed in our Functions Availability guide. Utilizing multi-regions for redundancy is a best practice for your services.

Functions utilize their own dedicated networking and computing resources, which creates a more resilient product and prevents downtime for you. This prevents you from being impacted by another customer’s usage of resources.