VictoriaMetrics' Approach
to Database Security

Systems & Processes to Prevent Information Security Risks

This is an overview of how we deal with security as a company and in our products as well as some recommendations on how others can keep their information systems secure.

Illustration of a secure laptop protected by a shield

Security at VictoriaMetrics Inc.

As a company that provides an open source time series database and monitoring solution both on-premises and in the cloud, we strive to ensure that our security practices are of the highest possible standard.

We apply the following security measures:

  • VictoriaMetrics Security Program

    Defines how we keep our company’s and customers’ data secure, assesses risk & addresses these risks.

    Defines security protocols for all Victoria Metrics operations, services, and systems.

  • Information Security Team

    Its main responsibility is to set up security processes, ensure their effectiveness, and handle security risks and incidents.

    Reach us at: security@victoriametrics.com

  • Security & Privacy Training

    We conduct Security & Privacy training for every new team member upon onboarding, and do annual reviews.

    The Information Security Team is responsible for implementing the Security and Privacy Training.

VictoriaMetrics Security Certifications

It is important to note that as a company we have achieved the following security certifications regarding:

  • Database software development

  • Software-based monitoring services

  • EAA:

    SIC - System of International Certification Certificate for Information Security Management System Certificate

  • AMERICAS:

    IAS - Certificate of Registration Information Security Management System

Mandatory Security Policies

We have a number of mandatory security policies.

Everyone on our staff must be familiar with and follow recommendations made by NIST and OWASP.

In addition, everyone must follow the policies defined in the VictoriaMetrics Information Security Program.

Finally, we follow a set of defined policies and procedures that deal with the following security-related topics:

  • Know-the-limits Policy
  • Device Security
  • Development Practices
  • Risks Assessment & Incident Response
  • Third-Party Services
  • Communication Channels

If you have any questions on these policies, please Contact Us

Key Security Features in VictoriaMetrics

The features we have built into VictoriaMetrics help users build a reliable and secure monitoring system with all the requirements one could expect and more.

We also provide a lot of features for building secure systems with access control, secure connections, etc.

Authentication & security features include:

  • Authentication & Routing

  • TLS & HTTPS support

  • JWT, LDAP, SSO

  • Support integration with Identity Providers

  • Control metrics visibility for your Users/Customers

  • Verify User signatures during the reading/writing of metrics

  • User-Based metrics routing

  • mTLS support between cluster components

If you'd like to know more about the security features in VictoriaMetrics, please visit our VictoriaMetrics Enterprise page or

Contact Us

Security for Open Source Projects

  • Many organizations nowadays have open source applications in their technology stacks and security is a growing threat, also in open source. However, there are a number of things businesses can do to ensure that they stay secure.

    • Project developers must continue to audit and enhance processes to keep up with constantly innovating cyber criminals. - Investing in a core system with better security credentials to reduce the potential of supply chain attacks by slashing the number of dependencies used. - Utilize only necessary third-party libraries, and depend only on well-known packages with credible security reviews.