Google-only identity
Users authenticate through Google OAuth. DriveShift does not store user passwords.
Security model
DriveShift separates user identity, tenant credentials, migration records, and audit history so each organization's migration data stays scoped and reviewable.
Users authenticate through Google OAuth. DriveShift does not store user passwords.
Service-account JSON is encrypted with AES-256-GCM before storage.
Organizations, users, sessions, plans, tenant connections, jobs, inventory, permissions, and audit logs are persisted in Postgres.
Authentication, tenant connection changes, and migration job creation are written to audit logs.
Production deployments should set secure cookies, a strong encryption key, managed Postgres backups, TLS-only database access, Google OAuth production redirect URIs, and restricted CORS origins.