Follow this guide to make sure your application integrating Tanker is ready for production.

Manage identities in your server

This is explained in details in this guide.

Encrypt and share data client-side with Tanker

Learn how to encrypt and share here.

Security considerations

The SDK is designed to be easy to use and hard to misuse, however to ensure the best possible security some principles need to be followed.

This guide exposes important guidelines, we strongly recommend you stick to them. There may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

App secret

Disable test mode

Your production app must have the test mode disabled. When you create it, you will get its secret. It will be used by your server-side application to authorize the addition of every user's first device. It does not allow you to decrypt any user data.

Tanker staff does not have access to your app secret, so please make sure to never lose it as it cannot be recovered. It must be saved securely, preferably stored in a physical location like a safe.

Safely store the app secret server-side

If the app secret leaks (for instance, if it's included in code running client-side), then it gives administrative privileges to all your users.

Thus, it should be safely stored only on your servers, and protected as any other secrets your servers may be using.

Tanker identity

The identity has several purposes:

  • It protects the private keys stored on users' devices
  • It contains signature keys used to make sure user additions are legitimate
  • It links the user in your application with Tanker

Note that its generation uses the app secret.

Only send the identity to authenticated users

If you fail to check users are authenticated before returning their identity, attackers may impersonate legitimate users and any resource shared with them will be compromised.

Store the identity server-side

Each identity must only be generated once per user, so you should store the identities on your servers so that they are available any time an authenticated user wants to open a session.

Do not store the identity client-side

If you store the identity client-side unencrypted, anyone with access to the device will be able to decrypt, encrypt and share any data without needing to authenticate to your servers.

Configure allowed origins

The tanker SDK implements the Cross Origins Ressource Sharing (CORS) mechanism.

When you create an app in the dashboard you can specify a whitelist of allowed origins. The calls from any other origin will be blocked by web browsers. If not configured, all origins are accepted.

For security purposes we strongly advise you to configure allowed origins in your app settings.


If you use the upload and download API, make sure that you have configured your own bucket in the dashboard for your App. In the default bucket, files expire after 48 hours.

Your app is now ready for production!