HPC credential security
Connecting to an HPC cluster requires SSH credentials (a password or private key). SiestaStudio takes specific steps to protect these credentials.
Encryption at rest
Credentials are encrypted with a server-side encryption key before being stored in the database. The plaintext credential is never written to disk or logged.
In transit
All communication between your browser and SiestaStudio is over HTTPS. SSH connections from the server to your cluster are made over the standard SSH protocol.
Key rotation
Each stored credential record carries a key version field so that credentials can be re-encrypted if the server key is rotated in the future. Rotation does not require you to re-enter your credentials.
What we cannot see
The server decrypts credentials only at the moment they are needed (to open an SSH connection or an SFTP session). They are not accessible to SiestaStudio staff in readable form during normal operation.
Removing credentials
Delete a cluster connection from Settings → HPC Connections. This removes the stored credential from the database immediately.