Security & Maintenance

9. Security Best Practices

• JWT Secrets: Ensure access_secret and refresh_secret are at least 32 characters.
• HTTPS: Always use a reverse proxy (Nginx/Caddy) for TLS in production.
• Rate Limiting: Use the built-in rate limiter to prevent brute force attacks.
• Encryption: Use security.encryption_key for sensitive database fields.

8. Operations & Maintenance

Monitoring

Use the /health endpoint for uptime monitoring.

Logging

Logs are rotated daily in the logs/ folder. Set logging.level to debug for verbose traces.

Backup

For SQLite, simply copy the data/rivo.db file. For PostgreSQL, use pg_dump.