[{"data":1,"prerenderedAt":286},["ShallowReactive",2],{"blog-is-safe/upstash":3},{"id":4,"title":5,"body":6,"category":266,"date":267,"dateModified":267,"description":268,"draft":269,"extension":270,"faq":271,"featured":269,"headerVariant":272,"image":271,"keywords":271,"meta":273,"navigation":274,"ogDescription":275,"ogTitle":271,"path":276,"readTime":277,"schemaOrg":278,"schemaType":279,"seo":280,"sitemap":281,"stem":282,"tags":283,"twitterCard":284,"__hash__":285},"blog/blog/is-safe/upstash.md","Is Upstash Safe? Security Analysis",{"type":7,"value":8,"toc":254},"minimark",[9,16,21,24,28,70,74,84,89,134,143,147,206,228,242],[10,11,12],"tldr",{},[13,14,15],"p",{},"Upstash is a secure serverless Redis and Kafka platform with strong defaults. It uses token-based authentication, TLS encryption, and offers a REST API that works in serverless environments. No direct Redis port exposure means reduced attack surface. A safe choice for caching, rate limiting, and serverless data needs.",[17,18,20],"h2",{"id":19},"what-is-upstash","What is Upstash?",[13,22,23],{},"Upstash provides serverless Redis, Kafka, and QStash services designed for edge and serverless environments. It's popular for caching, session storage, rate limiting, and real-time features with Vercel, Cloudflare Workers, and other edge platforms.",[17,25,27],{"id":26},"our-verdict","Our Verdict",[29,30,31,36,55,59],"pros-cons",{},[32,33,35],"h4",{"id":34},"whats-good","What's Good",[37,38,39,43,46,49,52],"ul",{},[40,41,42],"li",{},"TLS encryption required",[40,44,45],{},"REST API (no port exposure)",[40,47,48],{},"Read-only tokens available",[40,50,51],{},"SOC 2 Type II certified",[40,53,54],{},"Regional data residency",[32,56,58],{"id":57},"what-to-watch","What to Watch",[37,60,61,64,67],{},[40,62,63],{},"Token security is critical",[40,65,66],{},"No fine-grained ACLs",[40,68,69],{},"Shared infrastructure",[17,71,73],{"id":72},"rest-api-security","REST API Security",[75,76,77],"success-box",{},[13,78,79,83],{},[80,81,82],"strong",{},"Secure by Design:"," The REST API eliminates open Redis ports entirely. All requests go through HTTPS with token authentication.",[85,86,88],"h3",{"id":87},"token-types","Token Types",[90,91,92,108],"table",{},[93,94,95],"thead",{},[96,97,98,102,105],"tr",{},[99,100,101],"th",{},"Token",[99,103,104],{},"Permissions",[99,106,107],{},"Safe for Client?",[109,110,111,123],"tbody",{},[96,112,113,117,120],{},[114,115,116],"td",{},"REST Token",[114,118,119],{},"Full access",[114,121,122],{},"No - server only",[96,124,125,128,131],{},[114,126,127],{},"Read-only Token",[114,129,130],{},"Read commands only",[114,132,133],{},"Yes",[135,136,137],"info-box",{},[13,138,139,142],{},[80,140,141],{},"Best Practice:"," Use read-only tokens for client-side features like real-time displays. Keep write tokens server-side only.",[17,144,146],{"id":145},"upstash-vs-self-hosted-redis","Upstash vs Self-Hosted Redis",[90,148,149,162],{},[93,150,151],{},[96,152,153,156,159],{},[99,154,155],{},"Aspect",[99,157,158],{},"Upstash",[99,160,161],{},"Self-Hosted",[109,163,164,175,184,195],{},[96,165,166,169,172],{},[114,167,168],{},"TLS",[114,170,171],{},"Required",[114,173,174],{},"Optional",[96,176,177,180,182],{},[114,178,179],{},"Authentication",[114,181,171],{},[114,183,174],{},[96,185,186,189,192],{},[114,187,188],{},"Port exposure",[114,190,191],{},"None (REST)",[114,193,194],{},"Port 6379",[96,196,197,200,203],{},[114,198,199],{},"Dangerous commands",[114,201,202],{},"Disabled",[114,204,205],{},"Enabled",[207,208,209,216,222],"faq-section",{},[210,211,213],"faq-item",{"question":212},"Is Upstash safe for production?",[13,214,215],{},"Yes, Upstash is SOC 2 certified with encryption everywhere and secure defaults. Many companies use it for caching, rate limiting, and real-time features in production.",[210,217,219],{"question":218},"Can I use Upstash tokens in client-side code?",[13,220,221],{},"Only read-only tokens. Full access tokens should never be exposed to clients.",[210,223,225],{"question":224},"Where is my data stored?",[13,226,227],{},"Upstash offers regional databases in US, EU, and Asia-Pacific. You choose the region when creating a database.",[229,230,231,237],"related-articles",{},[232,233],"related-card",{"description":234,"href":235,"title":236},"Serverless Postgres security","/blog/is-safe/neon","Is Neon Safe?",[232,238],{"description":239,"href":240,"title":241},"Edge database security","/blog/is-safe/turso","Is Turso Safe?",[243,244,247,251],"cta-box",{"href":245,"label":246},"/","Start Free Scan",[17,248,250],{"id":249},"using-upstash","Using Upstash?",[13,252,253],{},"Scan your project for exposed tokens and security issues.",{"title":255,"searchDepth":256,"depth":256,"links":257},"",2,[258,259,260,264,265],{"id":19,"depth":256,"text":20},{"id":26,"depth":256,"text":27},{"id":72,"depth":256,"text":73,"children":261},[262],{"id":87,"depth":263,"text":88},3,{"id":145,"depth":256,"text":146},{"id":249,"depth":256,"text":250},"is-safe","2026-02-20","Is Upstash safe for production? Security analysis covering Redis security, token management, and encryption in Upstash's serverless data platform.",false,"md",null,"amber",{"noindex":274},true,"Security analysis of Upstash serverless Redis. Learn about token security and encryption.","/blog/is-safe/upstash","5 min read","[object Object]","Article",{"title":5,"description":268},{"loc":276},"blog/is-safe/upstash",[],"summary_large_image","7K_8G9hjqddiA39kB3pgxzVnK8zAD6DVrHtgZsGw9RE",1775843924313]