Dokku provides app deployment and plugin management on a single host, so host hardening is critical.
¶ Host and Access Security
- Restrict SSH Git deploy access to approved keys and users only.
- Separate admin SSH from deploy SSH identities.
- Keep host OS, Docker, and Dokku plugins patched.
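One way to check the first two points is to audit the dokku user's authorized_keys: every deploy key should carry a forced command plus the SSH restriction options, and no admin (sudo) key should double as a deploy key. This is an added example, not Dokku's own tooling; it assumes the sshcommand-style entry format Dokku writes (a command="..." prefix followed by no-* options), and the key blobs, the admin allowlist and the file contents are constructed.

```shell
#!/bin/sh
# Audit a Dokku authorized_keys file: deploy keys must be forced-command keys with
# the SSH restriction options, and admin keys must not appear as deploy keys.
# Example code, not Dokku's; the entry layout mirrors sshcommand-style lines.

# Constructed sample of /home/dokku/.ssh/authorized_keys (key blobs are fake).
SAMPLE_KEYS='command="FINGERPRINT=SHA256:aaaa NAME=ci /home/dokku/.sshcommand $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding ssh-ed25519 AAAAC3Fake1 ci@deploy
ssh-ed25519 AAAAC3Fake2 alice@laptop
command="FINGERPRINT=SHA256:cccc NAME=bob /home/dokku/.sshcommand $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding ssh-ed25519 AAAAC3Fake3 bob@admin'

# Constructed allowlist of key blobs that belong to admin (sudo) identities.
ADMIN_KEYS='AAAAC3Fake3'

# Options every deploy key line must carry.
REQUIRED_OPTS='no-agent-forwarding no-port-forwarding no-X11-forwarding no-user-rc'

# Print the key blob (the base64 field right after the key type) of one line.
key_blob() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++)
        if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $(i + 1); exit } }'
}

# Print one finding per line and return 1 if any; print "ok" and return 0 otherwise.
audit_keys() {
    keys="$1"; admins="$2"; bad=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        blob=$(key_blob "$line")
        case "$line" in
            command=\"*) ;;                       # forced command present
            *) echo "missing forced command: $blob"; bad=1 ;;
        esac
        for opt in $REQUIRED_OPTS; do
            case "$line" in
                *"$opt"*) ;;
                *) echo "missing $opt: $blob"; bad=1 ;;
            esac
        done
        case " $admins " in                       # admin identity reused for deploy
            *" $blob "*) echo "admin key used as deploy key: $blob"; bad=1 ;;
        esac
    done <<EOF
$keys
EOF
    [ "$bad" -eq 0 ] && echo ok
    return "$bad"
}

# On a real host: audit_keys "$(cat /home/dokku/.ssh/authorized_keys)" "$ADMIN_KEYS"
audit_keys "$SAMPLE_KEYS" "$ADMIN_KEYS" || echo "findings above: fix before next deploy"
```

The sample reports the bare key (no forced command, no restriction options) and the admin key reused as a deploy key, while the first entry passes.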
¶ App Isolation and Secrets
- Run apps with least privilege and minimal exposed ports.
- Store app secrets via Dokku config vars loaded from a secure source, never committed to repos.
- Control plugin permissions and remove unused plugins.