If you have found a security vulnerability in a DigitalOcean product, please submit it via our Intigriti bug bounty program: https://app.intigriti.com/programs/digitalocean/digitalocean.
If you are a partner attempting to report a security concern via embargo, email us at security@digitalocean.com.
If you wish to encrypt your communication, you may do so via encrypting a message to security@digitalocean.com with either the Age public key or GPG public key in this repo.
We recommend you leverage https://github.com/FiloSottile/age for encrypted communications.
-
Generate a public-private keypair.
age-keygen -o secret_key.txt
-
Encrypt your message with our public key. Ensure your output is PEM-encoded with the --armor` flag.
age --encrypt -r age12n58x3u8ky5nse8szjusasukdv8k0588raahk8lesvr6zt6nq9fsjkn2kw -o encrypt.txt --armor mymessage.txt # or age --encrypt -r age12n58x3u8ky5nse8szjusasukdv8k0588raahk8lesvr6zt6nq9fsjkn2kw -o encrypt.txt --armor <<< "My message"
-
Email the
encrypt.txtto us at security@digitalocean.com. -
We will respond to any encrypted communications with an encrypted response. Decrypt a message with:
age --decrypt -i secret_key.txt -o plain.txt response.txt
You may also send us GPG-encrypted communication using the GPG_public_key.txt file in this repository.