<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://ohcnwiki.tellmey.fyi/index.php?action=history&amp;feed=atom&amp;title=Deployment%2FSecurity%2FData_security</id>
	<title>Deployment/Security/Data security - Revision history</title>
	<link rel="self" type="application/atom+xml" href="https://ohcnwiki.tellmey.fyi/index.php?action=history&amp;feed=atom&amp;title=Deployment%2FSecurity%2FData_security"/>
	<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Data_security&amp;action=history"/>
	<updated>2026-07-06T05:16:37Z</updated>
	<subtitle>Revision history for this page on the wiki</subtitle>
	<generator>MediaWiki 1.45.4</generator>
	<entry>
		<id>https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Data_security&amp;diff=414&amp;oldid=prev</id>
		<title>Admin: Add Navbox deployment template before Related (via update-page on MediaWiki MCP Server)</title>
		<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Data_security&amp;diff=414&amp;oldid=prev"/>
		<updated>2026-07-06T04:04:19Z</updated>

		<summary type="html">&lt;p&gt;Add Navbox deployment template before Related (via update-page on MediaWiki MCP Server)&lt;/p&gt;
&lt;table style=&quot;background-color: #fff; color: #202122;&quot; data-mw=&quot;interface&quot;&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;col class=&quot;diff-marker&quot; /&gt;
				&lt;col class=&quot;diff-content&quot; /&gt;
				&lt;tr class=&quot;diff-title&quot; lang=&quot;en&quot;&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan=&quot;2&quot; style=&quot;background-color: #fff; color: #202122; text-align: center;&quot;&gt;Revision as of 09:34, 6 July 2026&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 57:&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 57:&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Deploy through automated CI/CD.&#039;&#039;&#039; Branch-based continuous integration and delivery removes manual, unaudited access to production and gives you a record of every change.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Deploy through automated CI/CD.&#039;&#039;&#039; Branch-based continuous integration and delivery removes manual, unaudited access to production and gives you a record of every change.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Roll out without downtime or exposure.&#039;&#039;&#039; Create new pods before terminating the old ones so a deploy never drops traffic, and so partially-updated code is never publicly reachable.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;* &#039;&#039;&#039;Roll out without downtime or exposure.&#039;&#039;&#039; Create new pods before terminating the old ones so a deploy never drops traffic, and so partially-updated code is never publicly reachable.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;−&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-added&quot;&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;−&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;== Next steps ==&lt;/div&gt;&lt;/td&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-added&quot;&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;Security controls protect the system; &#039;&#039;&#039;privacy controls protect the people in it&#039;&#039;&#039;. Continue to [[Deployment/Security/Privacy and data protection|Privacy and data protection]] for how to handle patient data responsibly and meet your regulatory obligations.&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;Security controls protect the system; &#039;&#039;&#039;privacy controls protect the people in it&#039;&#039;&#039;. Continue to [[Deployment/Security/Privacy and data protection|Privacy and data protection]] for how to handle patient data responsibly and meet your regulatory obligations.&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-deleted&quot;&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;+&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td colspan=&quot;2&quot; class=&quot;diff-empty diff-side-deleted&quot;&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot; data-marker=&quot;+&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Navbox deployment}}&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;br /&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Related}}&lt;/div&gt;&lt;/td&gt;
  &lt;td class=&quot;diff-marker&quot;&gt;&lt;/td&gt;
  &lt;td style=&quot;background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;{{Related}}&lt;/div&gt;&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Admin</name></author>
	</entry>
	<entry>
		<id>https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Data_security&amp;diff=214&amp;oldid=prev</id>
		<title>Admin: OHC identity seed</title>
		<link rel="alternate" type="text/html" href="https://ohcnwiki.tellmey.fyi/index.php?title=Deployment/Security/Data_security&amp;diff=214&amp;oldid=prev"/>
		<updated>2026-07-04T23:08:35Z</updated>

		<summary type="html">&lt;p&gt;OHC identity seed&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{Doc header&lt;br /&gt;
|type=guide&lt;br /&gt;
|domain=deployment&lt;br /&gt;
|title=Data security&lt;br /&gt;
|order=1&lt;br /&gt;
}}&lt;br /&gt;
&lt;br /&gt;
Care holds sensitive patient health data, so a production deployment should be hardened at every layer — the edge, the network, transport, data at rest, and the operational paths your team uses to manage it.&lt;br /&gt;
&lt;br /&gt;
This page lists the &amp;#039;&amp;#039;&amp;#039;standard security practices to enable&amp;#039;&amp;#039;&amp;#039;, based on how OHC operates its own production instances. Treat it as a recommended baseline rather than a finished checklist: the exact mechanism depends on your provider (for example [&amp;lt;nowiki/&amp;gt;https://www.cloudflare.com/ Cloudflare], [&amp;lt;nowiki/&amp;gt;https://aws.amazon.com/waf/ AWS WAF &amp;amp;amp; Shield], [&amp;lt;nowiki/&amp;gt;https://cloud.google.com/armor Google Cloud Armor], or the [&amp;lt;nowiki/&amp;gt;https://apisix.apache.org/ APISIX] ingress used in the [[Deployment/Kubernetes/Reference architecture|Kubernetes reference deployment]]), but the controls themselves apply to any deployment.&lt;br /&gt;
&lt;br /&gt;
{{Note|1=This is a baseline, not an exhaustive standard. Security is ongoing — pair these controls with periodic penetration testing and security audits, and review them whenever your infrastructure changes.}}&lt;br /&gt;
&lt;br /&gt;
== Edge protection and WAF ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Run a Web Application Firewall&amp;#039;&amp;#039;&amp;#039; in front of the application, configured with the [&amp;lt;nowiki/&amp;gt;https://owasp.org/www-project-modsecurity-core-rule-set/ OWASP Core Rule Set] to protect against common attack categories such as SQL injection and cross-site scripting (XSS).&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Add custom WAF rules&amp;#039;&amp;#039;&amp;#039; for application-specific threats and bot mitigation, on top of the core rule set.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Block by IP reputation / threat score.&amp;#039;&amp;#039;&amp;#039; Deny traffic from IP addresses with a poor reputation (for example, a threat score above a chosen threshold).&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Apply ASN- and geo-based lockdown&amp;#039;&amp;#039;&amp;#039; where appropriate for your deployment — restrict or block traffic from networks and regions you do not serve, against a known threat matrix.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Enable rate limiting and sanity checks&amp;#039;&amp;#039;&amp;#039; so a single client cannot flood the application, and obvious malformed or abusive requests are dropped at the edge.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Use DDoS protection&amp;#039;&amp;#039;&amp;#039; from your edge/CDN provider to absorb volumetric attacks.&lt;br /&gt;
&lt;br /&gt;
== Network controls ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Lock down ports.&amp;#039;&amp;#039;&amp;#039; Allow only ports &amp;lt;code&amp;gt;80&amp;lt;/code&amp;gt; and &amp;lt;code&amp;gt;443&amp;lt;/code&amp;gt; from the internet across the network; everything else should be reachable only over private networking.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Reverse-proxy all traffic&amp;#039;&amp;#039;&amp;#039; so the origin server IPs are masked and never exposed directly to clients.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Isolate internal services.&amp;#039;&amp;#039;&amp;#039; Databases, caches, object storage, and search must not be reachable from the public internet — only from the application hosts that need them (see [[#data-at-rest-and-the-database|Data at rest and the database]]).&lt;br /&gt;
&lt;br /&gt;
== Transport and browser security ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Encrypt everything in transit&amp;#039;&amp;#039;&amp;#039; with TLS 1.2 or above — origin-to-edge, service-to-service, and edge-to-user.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Preload HSTS&amp;#039;&amp;#039;&amp;#039; ([&amp;lt;nowiki/&amp;gt;https://developer.mozilla.org/docs/Web/HTTP/Headers/Strict-Transport-Security HTTP Strict Transport Security]) domain-wide with a long &amp;lt;code&amp;gt;max-age&amp;lt;/code&amp;gt; (for example one year) to enforce HTTPS-only traffic.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Set a strict Content Security Policy (CSP)&amp;#039;&amp;#039;&amp;#039; header to mitigate clickjacking and content-injection attacks, and &amp;#039;&amp;#039;&amp;#039;monitor CSP and Certificate Transparency (CT) violations&amp;#039;&amp;#039;&amp;#039; to keep your threat matrix current.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Enable DNSSEC&amp;#039;&amp;#039;&amp;#039; on your domain to protect against forged DNS answers and domain takeover. DNSSEC-protected zones are cryptographically signed so resolvers can verify the records came from the domain owner.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Serve over HTTP/2 and HTTP/3&amp;#039;&amp;#039;&amp;#039; with Brotli compression — primarily a performance gain, but it keeps clients on modern, well-maintained protocols.&lt;br /&gt;
&lt;br /&gt;
== Data at rest and the database ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Encrypt all storage&amp;#039;&amp;#039;&amp;#039; — server nodes, volumes, and database instances — using keys managed by a Key Management Service (KMS).&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Keep the database private.&amp;#039;&amp;#039;&amp;#039; Allow database connectivity only over the internal private network, and only from the backend hosts that require it. Never expose the database to the public internet.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Scope credentials tightly.&amp;#039;&amp;#039;&amp;#039; Each component should authenticate with its own least-privilege credentials, rotated regularly.&lt;br /&gt;
&lt;br /&gt;
== Backups ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Take automated, scheduled backups&amp;#039;&amp;#039;&amp;#039; (daily snapshots at minimum) of the database and any stateful stores.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Encrypt backups&amp;#039;&amp;#039;&amp;#039; with KMS-managed keys and store them inside your cloud infrastructure without external access.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Test restores.&amp;#039;&amp;#039;&amp;#039; A backup you have never restored is not a backup — verify periodically that a fresh environment can be rebuilt from it. See [[Deployment/Kubernetes/Day-2 operations|Day-2 operations]] for the Kubernetes reference deployment&amp;#039;s backup tooling.&lt;br /&gt;
&lt;br /&gt;
== Access and operational security ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Gate all maintenance access&amp;#039;&amp;#039;&amp;#039; behind a VPN plus a bastion (jump) host. Cluster and server management should never be performed directly over the public internet.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Enforce least privilege&amp;#039;&amp;#039;&amp;#039; for human operators and service accounts alike, and review access grants regularly.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Use strong authentication&amp;#039;&amp;#039;&amp;#039; (and multi-factor authentication) for every administrative entry point.&lt;br /&gt;
&lt;br /&gt;
== Deployment pipeline ==&lt;br /&gt;
&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Deploy through automated CI/CD.&amp;#039;&amp;#039;&amp;#039; Branch-based continuous integration and delivery removes manual, unaudited access to production and gives you a record of every change.&lt;br /&gt;
* &amp;#039;&amp;#039;&amp;#039;Roll out without downtime or exposure.&amp;#039;&amp;#039;&amp;#039; Create new pods before terminating the old ones so a deploy never drops traffic, and so partially-updated code is never publicly reachable.&lt;br /&gt;
&lt;br /&gt;
== Next steps ==&lt;br /&gt;
&lt;br /&gt;
Security controls protect the system; &amp;#039;&amp;#039;&amp;#039;privacy controls protect the people in it&amp;#039;&amp;#039;&amp;#039;. Continue to [[Deployment/Security/Privacy and data protection|Privacy and data protection]] for how to handle patient data responsibly and meet your regulatory obligations.&lt;br /&gt;
&lt;br /&gt;
{{Related}}&lt;/div&gt;</summary>
		<author><name>Admin</name></author>
	</entry>
</feed>