Security Best Practices

Secure your Odoo instances with these recommended practices.

Overview

Security is built into every layer of Nurosentrix. This guide covers best practices to ensure your Odoo instances remain secure.

Account Security

Strong Passwords

  • Use a password manager to generate strong, unique passwords
  • Minimum 12 characters recommended
  • Include uppercase, lowercase, numbers, and symbols
  • Never reuse passwords across services

Account Protection

Nurosentrix includes automatic account protection:

  • Account lockout after 10 failed login attempts
  • 15-minute lockout period
  • Email notifications for suspicious activity
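The lockout policy above (10 failed attempts, 15-minute lockout) is a stateful check that is easy to get subtly wrong, so here is an added, self-contained illustration of it. This is example code, not Nurosentrix's implementation: the in-memory store, the function names and the decision to reject even a correct password while an account is locked are assumptions; the thresholds are the ones stated on this page.

```python
"""Account lockout tracker mirroring the policy described on this page:
10 failed attempts lock the account for 15 minutes.

Added example, not Nurosentrix code. The in-memory store, the class and
method names and the string verdicts are assumptions; the two constants
come from the page.
"""
import time
from dataclasses import dataclass
from typing import Dict, Optional

MAX_FAILED_ATTEMPTS = 10          # page: lockout after 10 failed login attempts
LOCKOUT_PERIOD_SECONDS = 15 * 60  # page: 15-minute lockout period


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: Optional[float] = None  # Unix timestamp, None when not locked


class LockoutTracker:
    def __init__(self) -> None:
        # Assumption: a per-process dict; a real service would use shared storage.
        self._accounts: Dict[str, AccountState] = {}

    def _state(self, account: str) -> AccountState:
        return self._accounts.setdefault(account, AccountState())

    def is_locked(self, account: str, now: Optional[float] = None) -> bool:
        """True while the lockout window is still running; clears an expired lock."""
        now = time.time() if now is None else now
        st = self._state(account)
        if st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Lockout expired: start again from a clean counter.
            st.locked_until = None
            st.failed_attempts = 0
            return False
        return True

    def attempt(self, account: str, password_ok: bool, now: Optional[float] = None) -> str:
        """Record one login attempt and return 'ok', 'failed' or 'locked'.

        While locked, the password is not evaluated at all, so the verdict
        leaks nothing about whether the supplied password was right.
        """
        now = time.time() if now is None else now
        if self.is_locked(account, now):
            return "locked"
        st = self._state(account)
        if password_ok:
            st.failed_attempts = 0  # a successful login resets the counter
            return "ok"
        st.failed_attempts += 1
        if st.failed_attempts >= MAX_FAILED_ATTEMPTS:
            st.locked_until = now + LOCKOUT_PERIOD_SECONDS
            return "locked"
        return "failed"


if __name__ == "__main__":
    tracker = LockoutTracker()
    t0 = 1_700_000_000.0  # constructed fixed timestamp so the run is reproducible
    for _ in range(10):
        verdict = tracker.attempt("alice", False, t0)
    print("after 10 failures:", verdict)                                  # locked
    print("correct password 14 min later:", tracker.attempt("alice", True, t0 + 14 * 60))  # locked
    print("correct password 15 min later:", tracker.attempt("alice", True, t0 + 15 * 60))  # ok
```

Two design points worth noting: the counter is keyed by account rather than by source address, which is what makes the lockout effective against password guessing from many addresses, and the same property means the emailed "suspicious activity" notifications matter, because a burst of lockouts is also what a deliberate lockout of legitimate users looks like.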

Access Control

Role-Based Access Control (RBAC)

Nurosentrix supports granular permissions with these roles:

Role        Permissions
Owner       Full access to all resources and settings
Admin       Manage servers, instances, and users
Developer   Deploy and manage instances
Viewer      Read-only access to dashboards

Inviting Team Members

  1. Go to Settings → Team
  2. Click "Invite Member"
  3. Enter their email address
  4. Select an appropriate role
  5. Click "Send Invite"

Principle of Least Privilege

Always assign the minimum role needed for each user's tasks.

Manage users and roles from Settings → Team. Audit logs and security settings live under Settings.

API Security

API Token Best Practices

  • Create separate tokens for each integration
  • Use descriptive names to identify token purposes
  • Grant only necessary permissions
  • Rotate tokens periodically
  • Revoke unused tokens immediately

API keys are managed in Settings → API Keys. Assign the minimum permissions required for each integration.

Storing Secrets

  • Never commit API tokens to version control
  • Use environment variables for sensitive data
  • Use secret management tools in production

# Good: Use environment variables (shell)
export NUROSENTRIX_API_TOKEN="nsx_live_..."

# Bad: Hardcoded in code (Python)
token = "nsx_live_..."  # Never do this!
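The two snippets above show the right and wrong pattern; the following added example (not Nurosentrix's own tooling) turns them into something runnable: a loader that reads the token from NUROSENTRIX_API_TOKEN and refuses to start without it, and a scanner of the kind you would run as a pre-commit hook to catch a token that was pasted into source before it reaches version control. The nsx_live_ prefix is taken from the page; the assumed token shape after the prefix (letters, digits, underscores), the function names and the sample file are constructed.

```python
"""Load the Nurosentrix API token from the environment and scan source text
for tokens that were hardcoded instead.

Added example, not Nurosentrix code. The 'nsx_live_' prefix is from the
page; the rest of the token format, the function names and the sample
source are assumptions/constructed input.
"""
import os
import re
from typing import List, Mapping, Optional, Tuple

ENV_VAR = "NUROSENTRIX_API_TOKEN"

# Assumed token shape: the page shows only the 'nsx_live_' prefix, so the
# body is taken to be 8+ word characters. Tighten this if the real format
# is documented.
TOKEN_RE = re.compile(r"\bnsx_live_[A-Za-z0-9_]{8,}\b")


class MissingTokenError(RuntimeError):
    """Raised when the token is not present in the environment."""


def load_token(environ: Optional[Mapping[str, str]] = None) -> str:
    """Return the API token from the environment, never from a literal."""
    env = os.environ if environ is None else environ
    token = env.get(ENV_VAR, "").strip()
    if not token:
        raise MissingTokenError(
            f"{ENV_VAR} is not set; export it (e.g. from a secret manager) "
            "instead of hardcoding a token"
        )
    return token


def mask(token: str) -> str:
    """Show prefix and last four characters only, so reports never echo a full secret."""
    return token[:9] + "..." + token[-4:]


def find_hardcoded_tokens(source: str, filename: str = "<source>") -> List[Tuple[str, int, str]]:
    """Return (filename, line_number, masked_token) for every token-looking literal."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            hits.append((filename, line_no, mask(match.group(0))))
    return hits


# Constructed sample file: line 2 is the good pattern, line 3 is a leak.
# The token value is made up and is not a real credential.
SAMPLE_SOURCE = """\
import os
token = os.environ["NUROSENTRIX_API_TOKEN"]
legacy = "nsx_live_EXAMPLE0123456789abcdef"
"""


if __name__ == "__main__":
    for path, line_no, masked in find_hardcoded_tokens(SAMPLE_SOURCE, "app.py"):
        print(f"{path}:{line_no}: possible hardcoded API token {masked}")
    try:
        load_token({})
    except MissingTokenError as exc:
        print("startup refused:", exc)
```

Wiring find_hardcoded_tokens into a pre-commit hook over staged files, and failing the commit on any hit, gives the "never commit API tokens" rule a mechanical check rather than relying on review alone; the masked output keeps the hook's own log from becoming a second copy of the secret.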

Encryption

Data at Rest

Nurosentrix encrypts sensitive data at rest using AES-256:

  • API tokens and credentials
  • SSH keys
  • Cloud provider credentials
  • Webhook secrets

Data in Transit

  • All API communication uses TLS 1.3
  • Odoo instances are configured with HTTPS by default
  • SSH connections use strong cipher suites

Instance Security

SSL/TLS Certificates

All instances automatically receive Let's Encrypt SSL certificates. Certificates are renewed automatically before expiration.

Firewall Configuration

By default, only these ports are open:

Port   Purpose
22     SSH (restricted to Nurosentrix IPs)
80     HTTP (redirects to HTTPS)
443    HTTPS

Odoo Security Settings

Recommended Odoo configuration:

  • Disable database manager in production
  • Set a strong database master password
  • Limit session lifetime
  • Enable CSRF protection
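Two of the four recommendations above correspond directly to keys in odoo.conf: the database manager is controlled by list_db and the master password by admin_passwd. The following added example (not Nurosentrix or Odoo code) audits a configuration file for those two settings and reports what needs changing. The two option names are real Odoo configuration options; the sample configurations, the 12-character minimum (borrowed from the password guidance earlier on this page) and the function name are constructed. Session lifetime and CSRF protection are not odoo.conf keys and are not checked here.

```python
"""Audit an odoo.conf for the two hardening items that map to config keys:
list_db (database manager) and admin_passwd (master password).

Added example, not Nurosentrix or Odoo code. 'list_db' and 'admin_passwd'
are real odoo.conf options; the sample files, the 12-character minimum and
the function name are constructed for this illustration.
"""
import configparser
from typing import List

MIN_MASTER_PASSWORD_LEN = 12  # from the "Strong Passwords" guidance on this page

# Constructed: the kind of config a fresh install or a quick test setup ends up with.
WEAK_CONF = """\
[options]
admin_passwd = admin
list_db = True
"""

# Constructed: database manager off, long master password. The password value
# is an example only; Odoo replaces a plaintext admin_passwd with a pbkdf2
# hash once it is set through the database manager UI.
HARDENED_CONF = """\
[options]
admin_passwd = Correct-Horse-Battery-Staple-42
list_db = False
"""


def audit_odoo_conf(text: str, min_len: int = MIN_MASTER_PASSWORD_LEN) -> List[str]:
    """Return a list of findings; an empty list means both checks passed."""
    parser = configparser.ConfigParser(interpolation=None)  # '$' in hashes must not be interpolated
    parser.read_string(text)
    options = parser["options"] if parser.has_section("options") else {}
    findings: List[str] = []

    # Odoo's default for list_db is True, so a missing key is an exposed manager.
    list_db = options.get("list_db", "True").strip().lower()
    if list_db not in ("false", "0", "no"):
        findings.append("list_db: database manager is exposed; set list_db = False in production")

    master = options.get("admin_passwd", "").strip()
    if not master or master == "admin":
        findings.append("admin_passwd: master password is missing or the default 'admin'")
    elif master.startswith("$pbkdf2"):
        pass  # already stored as a hash by Odoo; strength cannot be judged from the file
    elif len(master) < min_len:
        findings.append(f"admin_passwd: master password shorter than {min_len} characters")

    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        findings = audit_odoo_conf(conf)
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

Because the database manager is where a master password is used to create, duplicate, back up and drop databases, the two checks belong together: a strong master password limits the damage if the manager is reachable, and list_db = False removes the page from the public instance altogether.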

Audit Logging

Nurosentrix logs all significant actions:

  • User logins and logouts
  • Server and instance creation/deletion
  • Configuration changes
  • Backup and restore operations
  • API token creation and revocation

Viewing Audit Logs

  1. Go to Settings → Audit Logs
  2. Filter by date, user, or action type
  3. Export logs if needed

Backup Security

  • Backups are encrypted before storage
  • Use separate cloud credentials for backup storage
  • Enable bucket versioning to prevent accidental deletion
  • Consider enabling MFA delete on S3 buckets

Security Checklist

  • Use strong, unique passwords
  • Assign appropriate roles to team members
  • Create separate API tokens per integration
  • Store secrets in environment variables
  • Verify SSL certificates are active
  • Configure backup encryption
  • Review audit logs regularly
  • Rotate API tokens periodically

Reporting Security Issues

If you discover a security vulnerability, please report it responsibly by emailing security@nurosentrix.com. We take all reports seriously and will respond promptly.