Skip to main content

9 posts tagged with "security"

View All Tags

Security Levels: One-Click Security Policy for Your Trading Org

· 9 min read
VolatiCloud Team
VolatiCloud

Managing a crypto trading organization means balancing two things that rarely cooperate: operational speed (bots that restart automatically, sessions that stay unlocked so backtests can run overnight) and data security (passphrase-gated decryption, runner isolation, per-action proof of key knowledge). Until now, configuring that balance required setting five or six independent flags — and nothing stopped you from reaching a state that was technically impossible, like enabling Strict mode without passphrase encryption first.

Organization Security Posture: Know Your Risk Score Before Something Goes Wrong

· 8 min read
VolatiCloud Team
VolatiCloud

Most trading teams discover a security gap the hard way — an API key leaks, a stale team member still has access, or an account has no recovery path when the person who set it up leaves. VolatiCloud's new Organization Security Posture hub changes that: it computes a real-time risk verdict for your organization and tells you exactly what to fix, before anything breaks.

Passkey-Encrypted Strategies: Your Algorithm Stays Yours

· 9 min read
VolatiCloud Team
VolatiCloud

Your trading strategy's logic is a competitive asset. A finely tuned MACD divergence filter, a multi-timeframe confluence signal, a DCA ladder calibrated to your risk tolerance — that intellectual work has real value. It lives in your account on our servers, and until now you had to trust that we would keep it safe. With passkey-bound strategy encryption, you don't have to.

Passkey-Encrypted Strategies: Hardware-Bound Protection for Your Trading Alpha

· 9 min read
VolatiCloud Team
VolatiCloud

Every strategy you build represents real work — indicator combinations refined through dozens of backtests, parameter ranges tuned with Hyperopt, edge conditions you found by watching equity curves collapse in ways you didn't expect. When you deploy that code to any cloud platform, a legitimate question is: who can read it? Until now, the honest answer for VolatiCloud was "we can, technically." That changes today with passkey-bound end-to-end encryption for strategies.

Passphrase-Protected Bots: How Strict Mode Encrypts Your Strategy Code

· 6 min read
VolatiCloud Team
VolatiCloud

Every cloud trading platform faces the same architectural problem: to run your bot, the server must read your strategy code and exchange credentials. VolatiCloud already encrypted API keys at rest with AES-256-GCM, but the encryption key was still platform-controlled. Strict mode changes that — your strategy code, bot configs, and exchange secrets are now protected by a passphrase the platform never holds.

Org Passphrase: User-Controlled Encryption for Exchange API Keys

· 10 min read
VolatiCloud Team
VolatiCloud

Server-managed encryption protects your exchange API keys from database dumps — but it still means the platform holds both the ciphertext and the decryption key. If the key management system is ever compromised alongside the database, that protection collapses. VolatiCloud's organization passphrase feature adds a second, independent layer: a key derived entirely from something only you know, using an algorithm designed to make brute-force infeasible. Your API keys are encrypted before the platform ever sees the raw values.

Exchange API Key Security: Why Your Trading Bot Can't Drain Funds

· 9 min read
VolatiCloud Team
VolatiCloud

Giving a third party access to your exchange account sounds risky. In the worst-case scenario you can imagine, the platform gets hacked, your API keys are stolen, and your funds disappear. That scenario is real — but it is also completely preventable with one setting that costs you nothing to enable: withdrawal-disabled API keys. This post explains what that restriction actually does, the additional layers VolatiCloud enforces on top of it, and how to generate keys that even a full database breach cannot turn into stolen funds.