DriveShiftStart migration

Security model

Governed by
design.

DriveShift separates user identity, tenant credentials, migration records, and audit history so each organization's migration data stays scoped and reviewable.

Google-only identity

Users authenticate through Google OAuth. DriveShift does not store user passwords.

Encrypted tenant credentials

Service-account JSON is encrypted with AES-256-GCM before storage.

Postgres system of record

Organizations, users, sessions, plans, tenant connections, jobs, inventory, permissions, and audit logs are persisted in Postgres.

Audit-first operations

Authentication, tenant connection changes, and migration job creation are written to audit logs.

Production deployments should set secure cookies, a strong encryption key, managed Postgres backups, TLS-only database access, Google OAuth production redirect URIs, and restricted CORS origins.