Security at every layer.
TLS in transit, encrypted credentials at rest, secure session management, and API key hashing -- built on proven security primitives from the ground up.
Transport Security
All API communication over HTTPS/TLS. Every request encrypted end-to-end between your client and Glasshouse servers. No plaintext data in transit, ever.
Credential Storage
Better Auth handles password hashing with industry-standard bcrypt. Session tokens are cryptographically signed. OAuth tokens stored securely with provider-specific encryption.
$2b$12$Kx9...hG4eeyJhbGci…x8Qkgho_R8xk…nP2vAPI Key Security
Keys hashed with SHA-256 before storage. Displayed only once at creation. Instantly revocable. Per-key usage tracking for anomaly detection.
gh_live_••••••••••••••••••k4QmSession Management
Signed session cookies with configurable expiry and server-side validation. Automatic session invalidation on password change or suspicious activity.
Enterprise
IP Allowlisting
Enterprise feature: restrict API access to approved IP ranges. Only requests from your trusted network can reach your Glasshouse workspace.
10.0.0.0/8Internal network192.168.1.0/24Office VPN203.0.113.0/24CI/CD pipelineInfrastructure Security
Environment-based configuration (no hardcoded secrets). CORS controls with configurable trusted origins. CSRF protection built into the authentication layer. Rate limiting at the API gateway level.
Frequently asked questions.
Ready to start? Start building with a free account. Speak to an expert for your Pro or Enterprise needs.