Security Model

What Borela stores, what it can access, and where the trust boundary sits.

Credentials

Each customer gets storage credentials for their Borela-managed backup bucket. The agent uses those credentials to write backup data. API keys authenticate the agent to the Borela control plane.

Backup data

Borela-managed restore drills require cloud-side read access to managed backups. Treat Borela as a backup processor for your SQLite database contents.

Metadata

Borela stores account email, plan, API key, project names, backup timestamps, byte counts, restore drill results, and alert history.

Retention and deletion

Agent-side Litestream retention defaults to seven days. Account deletion must delete customer metadata, storage credentials, and managed backup objects.

Unsupported today

Client-side encryption and customer-managed keys are not part of the launch path. Add them only when customer demand justifies the extra restore complexity.