Security

This guide provides a high-level overview of Fauna’s security features and capabilities.

Compliance

Fauna prioritizes security and compliance. Fauna is compliant with GDPR and SOC2 Type II. Fauna can be configured to meet HIPAA requirements.

Data encryption

All Fauna connections use HTTPS. Connections must use Transport Layer Security (TLS) version 1.2 or better. This ensures point-to-point encryption between your Fauna and your client application. Data uploaded to Fauna is encrypted at rest.

Authentication

Fauna uses stateless, token-based authentication. Every transaction is an independently secured HTTP API request.

Fauna supports several methods for creating authentication tokens, including integration with external identity providers (IdPs).

See Authentication

Authorization

Fauna supports both role-based access control (RBAC) and attribute-based access control (ABAC). In Fauna, you can use ABAC to dynamically change access at query time based on multiple attributes.

For more control, you can choose to only allow data access through server-side user-defined functions (UDFs). UDFs give you granular control over the way data is accessed and returned.

See Authorization

Multi-tenancy

A Fauna database can have multiple child databases. Child databases can have their own child databases.

Each database is logically isolated from its peers, with separate access controls. Transactions run in the context of a single database and can’t access data outside the database. This simplifies the process of building multi-tenant applications with strong isolation guarantees.

You can copy and deploy roles across databases using FSL files and a CI/CD pipeline. For example pipelines, see Manage schema with GitHub Actions and Manage schema with GitLab CI/CD.

Private endpoints

Fauna offers private endpoints that connect directly to your virtual private cloud (VPC). This lets you use Fauna without exposing your traffic to the Internet or other public networks.

See Private endpoints

Virtual Private Fauna

Virtual Private Fauna lets you use Fauna in a single-tenant environment with no infrastructure management.

You can fully customize Virtual Private Fauna to meet your specific security and compliance needs. Virtual Private Fauna is available across a single region, multiple regions, or multiple clouds of your choice.

Is this article helpful? 

Tell Fauna how the article can be improved:
Visit Fauna's forums or email docs@fauna.com

Thank you for your feedback!