Plane handles issue data, documents, comments, and workspace-level permissions. Harden identity controls, workspace isolation, and integration token governance.
1) Enforce strong workspace and admin controls
- Restrict workspace owners and platform admins to trusted operators.
- Disable open signup for internal installations.
- Integrate SSO and MFA through upstream IdP when possible.
- Review workspace member roles and invitation policies frequently.
2) Secure integrations and API tokens
- Store secret keys and integration tokens in managed secrets.
- Rotate personal and service tokens on schedule.
- Restrict webhook destinations and validate signatures.
- Disable unused integrations and stale OAuth grants.
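
The two webhook controls above, sketched as an added example (not code from Plane or from this guide): a receiver-side signature check and a destination allowlist check. The header name `X-Plane-Signature`, the hex HMAC-SHA256 computed over the raw request body, and the host name `hooks.example.internal` are assumptions to confirm against your Plane version and environment.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumption: header name and signing scheme; confirm for your Plane version.
SIGNATURE_HEADER = "x-plane-signature"


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 of the exact bytes received, never of re-serialized JSON."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """Fail closed: a missing secret, missing header or mismatch all reject."""
    received = next(
        (v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), None
    )
    if not secret or not received:
        return False
    expected = sign(secret, raw_body).encode()
    # Compare as bytes, in constant time, so timing does not reveal a partial match.
    return hmac.compare_digest(expected, received.strip().lower().encode())


def destination_allowed(url: str, allowed_hosts: set) -> bool:
    """Permit only HTTPS URLs, without userinfo, whose host is explicitly listed."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    return host in allowed_hosts


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    secret = b"constructed-webhook-secret"
    body = b'{"event":"issue","action":"created"}'
    headers = {"X-Plane-Signature": sign(secret, body)}
    print(verify_signature(secret, body, headers))         # genuine delivery
    print(verify_signature(secret, body + b" ", headers))  # altered body
    print(destination_allowed("https://hooks.example.internal/plane",
                              {"hooks.example.internal"}))
```

Run the signature check before parsing the JSON body, and keep the allowlist in configuration that only platform admins can change.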
3) Harden deployment and data layer
- Keep Postgres/Redis/object storage private.
- Enforce HTTPS and secure cookie/session settings.
- Patch Plane and dependencies frequently.
- Encrypt backups containing issues, docs, and comments.
- Plane source repository: https://github.com/makeplane/plane
- Plane security reporting (security policy): https://github.com/makeplane/plane/security/policy