-
Docs
-
Security Overview
Security Overview
Honeycomb is a secure product. You can also learn more about our certifications and compliance on our security webpage.
How We Secure Your Data 
- All data is encrypted at rest and in transit.
- We delete data as it exceeds the 60-day retention window.
- You can delete datasets at any time. For more fine-grained deletion (a single column, for instance) contact Support via support.honeycomb.io, or email at support@honeycomb.io.
- Your API Keys authenticate data ingestion.
- A team owner can create, enable, and disable API keys for each environment in their team.
- There is a limit of 100 API keys per team. This can be increased by request through Support via support.honeycomb.io, or email at support@honeycomb.io.
- If you send data using a disabled or invalid API Key, our API server will reject your events.
How We Secure Our Infrastructure
- The Honeycomb network is architected using modern best practices for tunneling, separate VPCs, encryption at rest and in transit.
- All storage nodes are unreachable from the internet.
- Only web services (API, UI) are reachable from the internet at all, and then only through ELB TLS ports.
- Nothing is transmitted unencrypted over public networks.
- Our entire infrastructure is auto-scalable, which lets us roll our entire infrastructure in ~60 minutes (~10 minutes for our forward-facing web nodes) when critical security patches are released.
How We Secure Our Integrations
- Our various integrations (agents and SDKs) do not run as root and cannot be controlled remotely.
- OpenTelemetry sends encrypted traffic by default.
- All our integrations are 100% open-source so you can examine them to your heart’s content.
Compliance
- Full list of certifications and compliance here.
- Fully auditable by your security team.
- Vetted by independent security professionals.
AWS PrivateLink
