HPC credential security

Connecting to an HPC cluster requires SSH credentials (a password or private key). SiestaStudio takes specific steps to protect these credentials.

Encryption at rest

Credentials are encrypted with a server-side encryption key before being stored in the database. The plaintext credential is never written to disk or logged.

In transit

All communication between your browser and SiestaStudio is over HTTPS. SSH connections from the server to your cluster are made over the standard SSH protocol.

Key rotation

Each stored credential record carries a key version field so that credentials can be re-encrypted if the server key is rotated in the future. Rotation does not require you to re-enter your credentials.

What we cannot see

The server decrypts credentials only at the moment they are needed (to open an SSH connection or an SFTP session). They are not accessible to SiestaStudio staff in readable form during normal operation.

Removing credentials

Delete a cluster connection from Settings → HPC Connections. This removes the stored credential from the database immediately.

Related pages