Self-hosted Nhost includes database, auth, storage, and GraphQL services. Security depends on strict secret management, Postgres/network isolation, and controlled admin access.
- Restrict who can manage Nhost infrastructure and admin interfaces.
- Use strong identity provider policies and MFA for operators.
- Separate development and production credentials/resources.
- Rotate service credentials and JWT signing keys on schedule.
2) Harden database and API exposure
- Keep PostgreSQL and internal services private.
- Expose only required ingress endpoints with HTTPS.
- Restrict GraphQL and auth endpoints with rate limits and abuse controls.
- Apply least-privilege DB roles for app services.
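As an added check for the two exposure items above (example code, not Nhost's own tooling): a small audit over a docker-compose service map that flags internal services published on non-loopback interfaces and any public port not on an explicit allow list. The service names and the compose fragment are assumptions about a typical self-hosted stack.

```python
"""Audit a compose `services` map for internal services exposed publicly.
Added example; service names are assumptions about a self-hosted Nhost stack."""
from __future__ import annotations
from typing import Any

# Services that must never be published beyond the host (assumed names).
INTERNAL = {"postgres", "graphql-engine", "auth", "storage", "minio", "mailhog", "dashboard"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_port(entry: Any) -> tuple[str, int, int]:
    """Normalise one compose `ports` entry to (host_ip, published, target).
    Short syntax: "5432:5432", "127.0.0.1:5432:5432", "443:443/tcp", "5432".
    Long syntax: {"target": 8080, "published": 8080, "host_ip": "..."}.
    A bare "5432" publishes to an ephemeral host port, reported as 0."""
    if isinstance(entry, dict):
        return (str(entry.get("host_ip", "0.0.0.0")),
                int(entry.get("published", entry["target"])),
                int(entry["target"]))
    spec = str(entry).split("/")[0]          # drop protocol suffix
    parts = spec.rsplit(":", 2)              # [host_ip,] published, target
    if len(parts) == 3:
        return parts[0], int(parts[1]), int(parts[2])
    if len(parts) == 2:
        return "0.0.0.0", int(parts[0]), int(parts[1])
    return "0.0.0.0", 0, int(parts[0])


def audit_exposure(services: dict, public_ok: dict[str, set[int]]) -> list[str]:
    """Return one finding per port published on a non-loopback address that is
    not explicitly allowed for that service. INTERNAL services get no allowance."""
    findings: list[str] = []
    for name, svc in services.items():
        for entry in svc.get("ports", []):
            host_ip, published, target = parse_port(entry)
            if host_ip.strip("[]") in LOOPBACK:
                continue                      # host-only binding, acceptable
            allowed = set() if name in INTERNAL else public_ok.get(name, set())
            if published in allowed:
                continue
            findings.append(f"{name}: container port {target} published on "
                            f"{host_ip}:{published or 'ephemeral'}")
    return findings


# Constructed compose fragment (not a real Nhost file): HTTPS ingress only,
# Postgres and Hasura bound to all interfaces, MinIO correctly on loopback.
SAMPLE_SERVICES = {
    "traefik": {"ports": ["443:443"]},
    "postgres": {"ports": ["5432:5432"]},
    "graphql-engine": {"ports": [{"target": 8080, "published": 8080}]},
    "minio": {"ports": ["127.0.0.1:9000:9000"]},
}
PUBLIC_OK = {"traefik": {443}}   # the only service allowed to face the internet
```

Run it against the `services` section of your own compose file (for example after loading it with a YAML parser) and treat any finding as a misconfiguration to fix before deployment.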
3) Protect data lifecycle and compliance posture
- Encrypt backups containing user, auth, and storage metadata.
- Define retention policy for logs and user-uploaded content.
- Patch Nhost stack and underlying dependencies regularly.
- Audit access logs and administrative actions.
- Nhost self-hosting overview: https://docs.nhost.io/platform/self-hosting/overview
- Nhost self-hosting support/community: https://docs.nhost.io/platform/self-hosting/community
- Nhost source organization: https://github.com/nhost