Ralph manages CMDB/DCIM and asset lifecycle data across datacenters and LAN environments. Harden Django admin access, API keys, and asynchronous worker boundaries.
1) Secure admin, API, and role boundaries
- Restrict Django admin access to trusted users and networks.
- Enforce least privilege on Ralph roles and permissions.
- Rotate API tokens and service credentials periodically.
- Disable unused API endpoints or integrations where possible.
- Keep PostgreSQL/Redis/Celery services private.
- Force HTTPS and secure cookies at ingress.
- Run workers and web services with separate least-privilege accounts.
- Restrict filesystem access for imports/exports and attachments.
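
One way to verify the HTTPS and secure-cookie item from outside the application, as an added example that is not part of Ralph or its documentation: it audits one captured plain-HTTP response and one captured HTTPS response. The cookie names are Django's defaults (`sessionid`, `csrftoken`); the hostname and all header values are constructed, and the HSTS check is an addition to what the list names.

```python
from http.cookies import SimpleCookie

REDIRECTS = {301, 302, 307, 308}

def header_values(headers, name):
    """All values for a header name (case-insensitive); Set-Cookie may repeat."""
    return [v for k, v in headers if k.lower() == name.lower()]

def audit_ingress(http_resp, https_resp, session_cookie="sessionid"):
    """Return findings for one plain-HTTP and one HTTPS response.

    Each response is (status, [(header, value), ...]) as captured by any client.
    """
    findings = []
    status, headers = http_resp
    location = header_values(headers, "Location")
    if status not in REDIRECTS or not location or not location[0].startswith("https://"):
        findings.append("plain HTTP is answered instead of redirected to HTTPS")
    if header_values(headers, "Set-Cookie"):
        findings.append("cookie issued over plain HTTP")

    _, headers = https_resp
    if not header_values(headers, "Strict-Transport-Security"):
        findings.append("HTTPS response has no Strict-Transport-Security header")
    for raw in header_values(headers, "Set-Cookie"):
        jar = SimpleCookie()
        jar.load(raw)
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"cookie {name} lacks Secure")
            # Django leaves csrftoken readable by scripts by default, so only
            # the session cookie is required to carry HttpOnly here.
            if name == session_cookie and not morsel["httponly"]:
                findings.append(f"cookie {name} lacks HttpOnly")
    return findings

# Constructed captures; ralph.example.internal is a placeholder hostname.
WEAK_HTTP = (200, [("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax")])
WEAK_HTTPS = (200, [("Set-Cookie", "sessionid=abc123; Path=/; SameSite=Lax"),
                    ("Set-Cookie", "csrftoken=def456; Path=/; SameSite=Lax")])
GOOD_HTTP = (301, [("Location", "https://ralph.example.internal/")])
GOOD_HTTPS = (200, [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/; SameSite=Lax; Secure"),
    ("Set-Cookie", "csrftoken=def456; Path=/; SameSite=Lax; Secure"),
])

if __name__ == "__main__":
    for label, pair in (("weak", (WEAK_HTTP, WEAK_HTTPS)), ("hardened", (GOOD_HTTP, GOOD_HTTPS))):
        print(label, audit_ingress(*pair) or "no findings")
```
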
3) Patch and audit continuously
- Keep Ralph and dependencies patched from official releases.
- Review Celery task logs for suspicious mass updates.
- Encrypt backups containing asset ownership and location data.
- Audit permission and configuration changes regularly.
- Ralph documentation: https://ralph.readthedocs.io/
- Ralph source repository: https://github.com/allegro/ralph