Enterprise-Grade Security & Auth

Protect your codebase, infrastructure, and team with zero-trust architecture, granular access controls, and certified compliance frameworks.

Authentication Protocols

Support for industry-standard authentication methods to integrate seamlessly with your existing identity providers.

Method           | Use Case                          | Security Level | Status
-----------------|-----------------------------------|----------------|-----------
OAuth 2.0 / OIDC | Third-party integrations & SSO    | High           | Production
SAML 2.0         | Enterprise identity providers     | High           | Production
API Keys         | Service-to-service & CLI access   | Medium-High    | Production
SSH Keys         | Repository access & CI/CD runners | High           | Production
Webhook Tokens   | Event-driven triggers & callbacks | Medium         | Production

Core Security Architecture

Built on a zero-trust model with defense-in-depth principles.

Role-Based Access Control

Granular permissions at organization, project, and file levels. Support for custom roles, group inheritance, and temporary elevated access.

Zero-Trust Network

Every request is authenticated and authorized. Mutual TLS for internal services, strict egress filtering, and isolated tenant boundaries.

Automatic Key Rotation

Automated rotation for API keys, SSL certificates, and encryption keys. Full audit trail with configurable retention policies.

Real-time Threat Detection

AI-driven anomaly detection for login attempts, API usage spikes, and unusual repository activity. Instant lockout on compromise.

Encryption in Transit & at Rest

AES-256 for stored data, TLS 1.3 for all connections. Customer-managed encryption keys (CMEK) available for enterprise plans.

Immutable Audit Logs

WORM-compliant logging of all administrative actions, code changes, and authentication events. Exportable to SIEM systems.

Compliance & Certifications

Trusted by security-conscious teams across regulated industries.

SOC 2 Type II

Annually audited for security, availability, and confidentiality controls.

ISO 27001

International standard for information security management systems.

GDPR Compliant

Data processing agreements, right to erasure, and EU data residency options.

HIPAA Ready

BAA available, PHI handling safeguards, and secure audit trails for healthcare.

Quick Integration

Configure authentication and deploy security policies in minutes.

Enable SSO via CLI

```
# Connect your identity provider
$ .git auth configure --sso --provider okta

# Set domain & metadata URL
$ .git auth set-meta --url https://company.okta.com/app/saml/metadata
✓ SSO configured successfully
→ Enforced for all organization members
```

Generate Scoped API Key

```
# Create key with read/write repo access
$ .git keys create --name ci-runner --scopes repo:read repo:write
✓ API Key generated
git_pat_x8k29...m3vz (expires in 90 days)

# Store securely. Key is masked on subsequent requests.
```

Frequently Asked Questions

Technical guidance for security and authentication workflows.

How does .git handle session management?
Sessions are JWT-based with configurable expiration (default 24h). Refresh tokens are stored securely and rotate on each use. Idle timeout and concurrent session limits are enforced at the organization level.
Can I enforce 2FA/MFA for all users?
Yes. Organization admins can mandate TOTP or hardware key (FIDO2/WebAuthn) authentication via the security dashboard. Enforced upon next login with a configurable grace period.
How are API keys rotated automatically?
Keys support automatic rotation cycles (30/60/90 days). You can configure overlapping validity periods to prevent downtime. The CLI and API support graceful handover with dual-key validation during transition.
Do you support IP allowlisting?
Enterprise plans include IP allowlisting for dashboard access, API endpoints, and webhook receivers. CIDR notation is supported, and changes are applied in real time without service interruption.
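To make the key-rotation answer above concrete, here is an added example of how a verifier can implement overlapping validity periods and dual-key validation during a handover, with an immediate-revocation path for the lockout-on-compromise case. This is illustrative code written for this page, not the product's own implementation; the class and method names (`RotatingKeyRing`, `rotate`, `validate`, `revoke`) and the timeline in `walkthrough` are assumptions chosen to match the 90-day cycle described in the FAQ.

```python
"""Overlapping-validity API key rotation with dual-key validation.

Added example illustrating the rotation answer in the FAQ; not the
product's own code. All names and the timeline below are assumptions.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class ApiKey:
    key_id: str
    secret: str          # a production store would keep only a hash of this
    not_before: datetime
    not_after: datetime  # exclusive upper bound

    def active_at(self, when: datetime) -> bool:
        return self.not_before <= when < self.not_after


@dataclass
class RotatingKeyRing:
    """One logical credential (e.g. 'ci-runner') backed by one or two live keys."""
    name: str
    cycle: timedelta = timedelta(days=90)   # the 30/60/90-day rotation cycle
    overlap: timedelta = timedelta(days=7)  # window in which old and new both validate
    keys: list[ApiKey] = field(default_factory=list)

    def issue(self, now: datetime) -> ApiKey:
        key = ApiKey(
            key_id=f"{self.name}-{len(self.keys) + 1}",
            secret=secrets.token_urlsafe(32),
            not_before=now,
            not_after=now + self.cycle,
        )
        self.keys.append(key)
        return key

    def active_keys(self, now: datetime) -> list[ApiKey]:
        return [k for k in self.keys if k.active_at(now)]

    def due(self, now: datetime) -> bool:
        """Rotation is due once every live key is within `overlap` of expiry,
        so the successor exists for the whole handover window."""
        live = self.active_keys(now)
        return not live or all(k.not_after - self.overlap <= now for k in live)

    def rotate(self, now: datetime) -> ApiKey:
        """Mint the successor and cap each predecessor at the end of the
        overlap window (a key is never extended past its planned expiry)."""
        for old in self.active_keys(now):
            old.not_after = min(old.not_after, now + self.overlap)
        return self.issue(now)

    def revoke(self, key_id: str, now: datetime) -> None:
        """Immediate lockout on compromise: validity ends now, overlap or not."""
        for key in self.keys:
            if key.key_id == key_id:
                key.not_after = min(key.not_after, now)

    def validate(self, presented: str, now: datetime) -> str | None:
        """Return the key_id that `presented` matches, or None.

        Every currently active key is checked, which is what makes the
        handover graceful: during the overlap both generations are accepted.
        compare_digest keeps each comparison constant-time.
        """
        matched = None
        for key in self.active_keys(now):
            if hmac.compare_digest(key.secret.encode(), presented.encode()):
                matched = key.key_id
        return matched


def walkthrough() -> dict[str, object]:
    """Constructed timeline: a 90-day key rotated 7 days before it expires."""
    t0 = datetime(2025, 1, 1, tzinfo=timezone.utc)

    def day(n: int) -> datetime:
        return t0 + timedelta(days=n)

    ring = RotatingKeyRing("ci-runner")
    old = ring.issue(t0)                                   # valid days 0-90
    result: dict[str, object] = {
        "due_day_82": ring.due(day(82)),                   # not yet
        "due_day_83": ring.due(day(83)),                   # 7 days before expiry
    }
    new = ring.rotate(day(83))                             # valid days 83-173
    result["day_85_old"] = ring.validate(old.secret, day(85))  # both accepted
    result["day_85_new"] = ring.validate(new.secret, day(85))
    result["day_90_old"] = ring.validate(old.secret, day(90))  # overlap over
    result["day_90_new"] = ring.validate(new.secret, day(90))
    result["bogus"] = ring.validate("not-a-real-key", day(85))
    ring.revoke(new.key_id, day(100))                      # compromise response
    result["after_revoke"] = ring.validate(new.secret, day(100))
    return result


if __name__ == "__main__":
    for label, value in walkthrough().items():
        print(f"{label}: {value}")
```

The design point worth noting is that `rotate` never lengthens the old key's life; scheduling rotation `overlap` before the planned expiry is what creates the dual-key window, so a client that switches credentials any time in that window sees no downtime, while a revocation cuts through the window immediately.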