If you have found a security vulnerability in a DigitalOcean product, please submit it via our Intigriti bug bounty program: https://app.intigriti.com/programs/digitalocean/digitalocean.

If you are a partner attempting to report a security concern via embargo, email us at [email protected].

If you wish to encrypt your communication, you may do so via encrypting a message to [email protected] with either the Age public key or GPG public key in this repo.

We recommend you leverage https://github.com/FiloSottile/age for encrypted communications.

1. Generate a public-private keypair.

   age-keygen -o secret_key.txt

2. Encrypt your message with our public key. Ensure your output is PEM-encoded with the --armor` flag.

   age --encrypt -r age12n58x3u8ky5nse8szjusasukdv8k0588raahk8lesvr6zt6nq9fsjkn2kw -o encrypt.txt --armor mymessage.txt
   # or
   age --encrypt -r age12n58x3u8ky5nse8szjusasukdv8k0588raahk8lesvr6zt6nq9fsjkn2kw -o encrypt.txt --armor <<< "My message"

   

3. Email the encrypt.txt to us at [email protected].

4. We will respond to any encrypted communications with an encrypted response. Decrypt a message with:

   age --decrypt -i secret_key.txt -o plain.txt response.txt

   

You may also send us GPG-encrypted communication using the GPG_public_key.txt file in this repository.