Security

Security is the product.

UnifySSL exists to keep your domains encrypted and your edge correct. Here is how we handle the parts that matter.

TLS everywhere

Every domain gets a valid certificate automatically, via Let's Encrypt or ZeroSSL, with renewals handled for you. On-demand issuance is gated to verified domains only, so one tenant can never request a certificate for a hostname they don't control.

Validated, atomic deploys

Generated configuration is validated against the plugin-enabled Caddy build before it is ever staged, and the per-node agent re-validates before applying. Caddy's config load is atomic: an invalid config is rejected and the running configuration stays up. A bad change cannot take a node down.

Tenant isolation

Access is scoped through an organization, team, and role model. Customer admins only ever see their own organization's domains, routing, traffic, and certificates. Hostnames are globally unique across tenants, so two organizations can never claim the same domain.

Account security

Passwords are hashed with Argon2. Email verification, single-use password-reset links, and rate limiting on authentication are built in. Owner-level changes require an owner, not just an admin. Sessions are signed, HTTP-only, and SameSite-protected.

Secrets

DNS-challenge tokens, registry passwords, and other credentials are encrypted at rest with AES-256-GCM and referenced by id — never rendered into a config that leaves the control plane in plaintext beyond the node that needs it.
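As an added illustration of the secrets model above, and not UnifySSL's own code, here is a Go sketch of a store that encrypts a credential with AES-256-GCM, hands back an opaque id, and renders only that id into a DNS-provider config fragment. The key handling, the `sec_` id format, the `secret_ref` field name and the provider value are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SecretStore keeps credentials encrypted at rest with AES-256-GCM; rendered config only ever carries the id.
type SecretStore struct {
	aead    cipher.AEAD
	entries map[string][]byte // id -> nonce || ciphertext
}
func NewSecretStore(key []byte) (*SecretStore, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SecretStore{aead: aead, entries: map[string][]byte{}}, nil
}

// Put encrypts plaintext under a fresh nonce, binding the id as associated data so a blob moved under another id fails to open.
func (s *SecretStore) Put(plaintext []byte) (string, error) {
	ns := s.aead.NonceSize()
	buf := make([]byte, ns+8) // nonce, then 8 random bytes that become the id (assumed format)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	nonce, id := buf[:ns:ns], fmt.Sprintf("sec_%x", buf[ns:]) // capped slice: Seal cannot append over the id bytes
	s.entries[id] = s.aead.Seal(nonce, nonce, plaintext, []byte(id))
	return id, nil
}

// Resolve decrypts by id; only the node that actually needs the credential calls this.
func (s *SecretStore) Resolve(id string) ([]byte, error) {
	blob, ok := s.entries[id]
	if !ok || len(blob) < s.aead.NonceSize() {
		return nil, fmt.Errorf("unknown or corrupt secret id %q", id)
	}
	return s.aead.Open(nil, blob[:s.aead.NonceSize()], blob[s.aead.NonceSize():], []byte(id))
}

func RenderDNSProvider(provider, tokenID string) string { // control plane ships a reference, never the token
	return fmt.Sprintf(`{"provider":%q,"api_token":{"secret_ref":%q}}`, provider, tokenID)
}
```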

Reporting an issue

Found something? We want to hear about it. Contact us and we'll respond quickly. Enterprise plans include a formal security review and a DPA.