SuperKloud
Security

Security isn't a feature. It's the floor.

SuperKloud assumes no route should be reachable without auth, no secret should sit in plain text, and every sensitive action should leave a trail.

Security

Zero Trust, by default.

No app exposed without auth. No traffic in clear. No secrets in plain text. This is the baseline, not an option.

[Figure: SuperKloud Zero Trust flow. HTTPS traffic hits the reverse proxy and reaches the app only after OIDC validation. Diagram labels: User, Reverse proxy · TLS 1.3, Native OIDC, App, HTTPS, Bearer JWT, Verified, LDAP source of truth. Caption: No app is ever reached without passing through the two gatekeepers.]

Reverse proxy + TLS 1.3

A single entry point in front. Every route encrypted. Certificates renewed automatically.

Native OIDC

SuperKloud issues its own tokens. No external dependency. No identity leaking to a third party.

Optional 2FA

Per-user TOTP (Google Authenticator…) and WebAuthn security keys. Strongly recommended for admins.

LDAP as source of truth

One identity per user. A change propagates instantly to every app.

Hardened host

From install: key-only SSH with brute-force protection, firewall configured, intrusion detection running. You don't have to think about it.

Audit logs

Every sensitive action is logged and timestamped. You know who did what, and when.

Host hardening

The server itself is locked down, from day one.

SuperKloud doesn't just deploy apps: its installer hardens the host before any app lands. You get a production-ready server, not a stack to assemble.

SSH hardened

Key-only auth, root login disabled, brute-force protection. No more unauthorized access on the SSH port.

Firewall configured

Only the ports you actually need (HTTPS, key-based SSH) are open from install. Everything else is silently dropped.

Intrusion detection

Real-time behavioural analysis of intrusion attempts, scans and malicious activity. Automatic banning of suspicious sources.

2FA

Two-factor authentication, ready to use.

Every account can enable a second factor in a few clicks. Strongly recommended for every admin — a prompt shows up on first login.

TOTP (Google Authenticator, 1Password…)

Works with every standard authenticator app. QR code to scan, recovery codes generated. Enabled from the user profile.

WebAuthn keys (YubiKey, passkey)

For sensitive accounts or orgs that want hardware authentication. Multiple keys can be registered per user.

Sovereignty & compliance

Your data on your box

SuperKloud installs on your server. No application data transits through our systems. You stay the sole data controller.

GDPR-friendly by design

Centralized identities, access logs, one-click removal of a user everywhere. The GDPR-essential building blocks are there.

Portability guaranteed

Every app in the catalog is open-source. Your data lives in standard formats you keep. If you leave, your apps keep running without us.

Structured audit logs

Auth, user creation, deploys, permission changes — all logged in structured JSON, exportable.
