Home
Getting started
Workspaces
Images
Command line
Setup
Admin
Access control
Organizations
Registries
Satellites
Workspace management
Workspace providers
Access URL
Account dormancy
Appearance
Audit
Security
Dev URLs
Direct workspace connections
Fallback shell
Git integration
Prometheus integration
Licensing
Telemetry
Templates
Usage metrics
Guides
Changelog
Home
/
Admin
/
Security

Security

Coder offers security features that you can configure. These are available under Manage > Admin > Security.

HTTP Strict Transport Security

If you are serving Coder over HTTPS, we recommend enabling the Strict-Transport-Security Header option, which adds the HTTP Strict Transport Security header to responses. This browser feature requires future requests to occur over HTTPS.

Toggle HTTP Strict Transport Security Header

The Secure Cookie option controls the secure property of cookies that Coder issues. This prevents browsers from sending sensitive cookies, such as those containing credentials, over unencrypted (HTTP) connections. We recommend enabling this setting if you are serving Coder over HTTPS.

Toggle Secure Cookie

SSH

You can choose the SSH keygen algorithm Coder uses when generating SSH keys for users.

Coder allows you to choose between Ed25519, ECDSA, and RSA (4096 bits).

Choose SSH keygen algorithm

See an opportunity to improve our docs? Make an edit.
On this page