DriveLink

Security

Security design principles and operational safeguards in DriveLink.

DriveLink is designed to reduce credential exposure while keeping day-to-day file access simple for users.

Authentication support

  • Username and password authentication for standard SFTP deployments.
  • SSH private key authentication, including passphrase-protected keys.
  • Key-based and password-based workflows can coexist across different connections.
  • Users can choose to save encrypted secrets or be asked when connecting.
  • Test Connection lets users validate network, authentication, host key, and remote path before mounting.

Credential protection approach

  • Credentials are encrypted at rest with Windows user and machine scope.
  • Credential material is separated from centrally managed endpoint definitions.
  • Access to encrypted blobs is intentionally constrained to the intended local context.
  • Passwords and key passphrases are never written to logs or copied support details.

Host-key trust

DriveLink pins each server’s SSH host-key fingerprint per connection. On first successful test or connection, the fingerprint can be saved. Later mismatches are blocked and shown with both the trusted and received fingerprints so users can verify a legitimate server rebuild or key rotation before trusting the new key.

Operational safeguards

  • Managed endpoint definitions help prevent accidental drift in host and path settings.
  • Local configuration boundaries support least-privilege desktop operations.
  • Read-only mount mode can reduce accidental changes on sensitive remote folders.
  • Redacted diagnostic logs and copyable support details help IT troubleshoot without asking users for secrets.
  • Quiet upgrade workflows reduce risky manual reinstall patterns.

Security-focused deployment guidance

  1. Deploy centrally managed endpoint definitions first.
  2. Require users to enroll credentials only after baseline policy is present.
  3. Standardize key management procedures for support teams.
  4. Audit endpoint policy changes through your existing change process.

Security responsibilities

DriveLink provides secure defaults and policy hooks, but enterprise outcomes still depend on:

  • Strong endpoint hardening and patching.
  • Least-privilege access control for administrators and users.
  • Internal operational controls for secrets, key rotation, and offboarding.