Skip to content

Render Security

DevOps Accounts

Authored by:

Auditware
Auditware
Auditware

Summary

🔑 Key Takeaway for Render: Secure your Render account by enabling two-factor authentication, regularly reviewing CLI tokens, API keys, and SSH public keys, and for workspaces, maintaining strict team member access controls and enabling audit logs.

This checklist is adapted from Auditware's W3OSC standards.

For Individuals

These settings apply to your personal Render account. All team members and admins should configure these on their own accounts.

Account Security Checklist

  • Account Settings >
    • Account Security > Two-Factor Authentication > Enabled
    • CLI Tokens > Review and remove any unnecessary or unrecognized
    • API Keys > Review and remove any unnecessary or unrecognized
    • SSH Public Keys > Review and remove any unnecessary or unrecognized

For Team Members

These guidelines apply to team members who have access to shared Render workspaces but don't have full administrative access.

Team members should:

  • Ensure their individual account settings are configured according to the checklist above
  • Use the principle of least privilege when accessing workspace resources
  • Report any suspicious deployments or unauthorized changes to workspace admins

For Admins

These settings and practices apply to Render workspace administrators with elevated privileges.

Workspace Settings

  • Workspace Settings >
    • Team Members > Review and remove any unnecessary or unrecognized
    • Audit Logs > It is highly recommended that you sign up for an Organization or Enterprise plan in order to enable this

Help us improve!

Spotted an error or have ideas to enhance this content?

Your contributions are valuable to us. Learn more

✏️ Contribute today!