Security by design
Your users trust your app. You should trust your update infrastructure. Sparkler was built from the ground up with security as a core principle.
Our security philosophy
You control your keys
We never handle or store your private keys. Whether you use GitHub Actions for automated signing or sign builds locally, your private keys remain under your control. Sparkler only needs your public key.
Zero trust architecture
Sparkler verifies every update with cryptographic signatures. Even if our infrastructure were compromised, attackers couldn't push malicious updates.
How Sparkler secures your updates
EdDSA signatures
Sparkler uses modern EdDSA (Edwards-curve Digital Signature Algorithm) signatures to verify the authenticity of every app update. Each update is cryptographically signed by your private key, whether in your GitHub Actions workflow or on your local system. The Sparkle framework in your app verifies these signatures using your public key.
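The signing model described above, and why a compromised host cannot substitute a binary, shown as an added illustration using Node's built-in crypto module. It is not Sparkle's or Sparkler's code; the key pairs, archive bytes, function names and the base64 raw-key encoding are assumptions constructed for the example.

```javascript
// Added illustration; not Sparkle's or Sparkler's code.
const crypto = require('node:crypto');

// DER header that wraps a raw 32-byte Ed25519 public key as SubjectPublicKeyInfo.
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');

// Client side: accept an update only if it verifies under the key pinned in the app.
function verifyUpdate(pinnedKeyB64, archive, signatureB64) {
  const rawKey = Buffer.from(pinnedKeyB64, 'base64');
  const sig = Buffer.from(signatureB64, 'base64');
  if (rawKey.length !== 32 || sig.length !== 64) return false; // malformed input
  const key = crypto.createPublicKey({
    key: Buffer.concat([SPKI_PREFIX, rawKey]), format: 'der', type: 'spki',
  });
  return crypto.verify(null, archive, key, sig); // null: Ed25519 hashes internally
}

// Signer with a freshly generated (constructed) key pair; the private key never leaves it.
function newSigner() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const rawPub = publicKey.export({ format: 'der', type: 'spki' })
    .subarray(SPKI_PREFIX.length);
  return {
    publicKeyB64: rawPub.toString('base64'),
    sign: (archive) => crypto.sign(null, archive, privateKey).toString('base64'),
  };
}

// Scenarios: a genuine release, then what a compromised host could attempt.
function demo() {
  const developer = newSigner();
  const host = newSigner(); // a key the hosting side controls, not pinned in the app
  const release = Buffer.from('constructed archive bytes v1.2.0');
  const tampered = Buffer.from('constructed archive bytes v1.2.0 + modification');
  const goodSig = developer.sign(release);
  return {
    genuine: verifyUpdate(developer.publicKeyB64, release, goodSig),
    swappedArchive: verifyUpdate(developer.publicKeyB64, tampered, goodSig),
    resignedByHost: verifyUpdate(developer.publicKeyB64, tampered, host.sign(tampered)),
    malformedSig: verifyUpdate(developer.publicKeyB64, release, 'AAAA'),
  };
}

console.log(demo());
```

Only the first case verifies: without the developer's private key, neither reusing the old signature nor re-signing with another key produces an update the pinned public key accepts.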
Secure storage and transfer
All update binaries are encrypted at rest and transferred via HTTPS. Our infrastructure runs on Cloudflare's global network, providing DDoS protection and TLS 1.3 encryption for all connections, with automatic certificate management.
Controlled distribution
Our phased rollout system gives you complete control over update distribution. If a vulnerability is discovered, you can immediately pause an update and roll out a fixed version. Distribution decisions are made by you, not automated systems.
Security best practices
Keep your private keys secure
Protect your private signing key with strong access controls. Store it only on secure systems, preferably with hardware security modules for production keys.
- Use a secure password manager for key passphrases
- Set up proper access controls in your CI/CD environment
- Consider rotating keys periodically for maximum security
Secure CI/CD integration
When setting up your CI/CD pipeline with Sparkler, follow these best practices to ensure secure, automated updates.
- Store CI secrets securely using your provider's secret storage
- Restrict build and deployment permissions to trusted team members
- Verify the integrity of all dependencies in your build process
Monitor and audit
Regularly review your Sparkler dashboard to identify unusual activity.
- Set up alerts for unusual download patterns
- Review access logs for your Sparkler account regularly
- Perform periodic security reviews of your update process
Ready for secure app updates?
Ship updates with confidence, knowing your users are protected by our secure infrastructure.