This checklist provides essential recommendations for securing and optimizing your Upstash databases for production workloads.Documentation Index
Fetch the complete documentation index at: https://upstash.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Security Features
Enable Prod Pack
Prod Pack provides enterprise-grade security and monitoring features:- 99.99% uptime SLA
- SOC-2 Type 2 report available
- Encryption at Rest
- Advanced monitoring (Prometheus, Datadog)
- Multi-Zone High Availability
- High availability for read regions
Prod Pack is available as a $200/month add-on per database for all paid plans except Free tier. It is already included within Enterprise Plan.
Enable Credential Protection
Protect your database credentials (Prod Pack feature):- Credentials are never stored in Upstash infrastructure
- Credentials are displayed only once during enablement
- Console features requiring database access are disabled
Configure IP Allowlist
Restrict database access to specific IP addresses:- Available on all plans except Free tier
- Supports IPv4 addresses and CIDR blocks
- Multiple IP ranges can be configured
Implement Redis ACL
Use Redis Access Control Lists to restrict user access:- Available on all paid plans
- Create users with minimal required permissions
- Available for both TCP connections and REST API
- Use
ACL RESTTOKENcommand to generate REST tokens
Enable Multi-Factor Authentication
Enable MFA on your Upstash account for enhanced security:- Use your existing authentication provider (Google, GitHub, Amazon)
- Consider using a dedicated email/password account for production
- Force MFA for all team members to ensure consistent security
- Regularly review account access and team member permissions
Secure Credential Management
Follow these best practices:- Never hardcode credentials in your application code
- Use environment variables or secret management systems
- Reset passwords immediately if credentials are compromised
- Use Read-Only tokens for public-facing applications
Network Security
TLS Encryption
TLS is always enabled on Upstash Redis databases.VPC Peering (Enterprise)
Connect databases to your VPCs using private IP:- Database becomes inaccessible from public networks
- Minimizes data transfer costs
- Available for Enterprise customers
Monitoring & Observability
Enable Advanced Monitoring
Prod Pack includes comprehensive monitoring:- Prometheus integration
- Datadog integration
- Extended console metrics (up to one month)
High Availability & Backup
Enable Daily Backups
Configure automated daily backups for data protection:- Available on all paid plans
- Backup retention up to 3 days with Prod Pack
- Hourly backups with customizable retention (Enterprise)
Global Replication
For global applications, consider using Global Database:- Distribute data across multiple regions
- Minimize latency for users worldwide
- Enhanced disaster recovery capabilities
Compliance & Governance
SOC-2 Compliance
Prod Pack and Enterprise plans include SOC-2 Type 2 compliance:- Request SOC-2 report from trust.upstash.com
- Available for production workloads
Enterprise Features
For enterprise customers:- HIPAA compliance available
- SAML SSO integration
- Access logs available
- Custom resource allocation
Pre-Production Checklist
Before going live, ensure you have:- Prod Pack enabled (strongly recommended)
- Credential Protection enabled
- IP Allowlist configured
- MFA enabled on your account
- Daily backups enabled
- Monitoring and alerts configured
- Environment variables secured
- Error handling tested
Additional Resources
- Security Features
- Prod Pack & Enterprise
- Backup & Restore
- Global Database
- Monitoring & Metrics
- Compliance Information
- Professional Support