# Security Best Practices

> Essential security practices for applications deployed on Ploi Cloud, including domain validation and multi-layer protection.

Security on Ploi Cloud
----------------------

Your applications are protected by multiple layers of security that work automatically behind the scenes.

### Application Security

- Automatic HTTPS encryption for all your applications
- Environment variables keep your secrets safe (no .env that can be leaked)
- Every application gets an automatic SSL certificate.

### Application Isolation

- Each application runs in its own secure environment
- Applications cannot access each other's data or resources
- Non-root execution for enhanced security
- Automatic security updates applied regularly

### Network Protection

Ploi Cloud automatically provides:

- Complete isolation between applications
- Encrypted connections between your services
- Protection from external threats
- Secure build environments for your deployments

### Domain Security and Validation

All custom domains go through comprehensive validation before being added to your applications:

- Format validation ensures domains follow internet standards
- DNS verification confirms the domain exists and is properly configured
- Connectivity checks verify the domain is accessible
- Prevents typosquatting and malicious domain configurations
- Ensures domains are ready for SSL certificate provisioning

This validation helps protect against domain hijacking, invalid configurations, and ensures smooth SSL certificate generation for all your custom domains.

### Data Protection

- All secrets are encrypted before storage
- Secure session management
- Automatic log sanitization to prevent secret leakage