Skip to main content

Platform Security

Learn more about security support on the Pantheon platform.

This section provides information on supported security for the Pantheon platform. Refer to the Secure Development on Pantheon guide for comprehensive security information.


SSH Keys

Pantheon does not provide access to a shell environment over SSH. These directions allow you to have passwordless access if you configure Git, SFTP, or Drush to use SSH keys.

You should load your public SSH key into your account to take full advantage of Pantheon. SSH keys are a best practice for authentication, allowing you more security than a simple password. You only have to configure this once, no matter how many sites you work on. Refer to Generate and Add SSH Keys for more information.

IP-Address Based Security Schemes

IP-based security is not recommended on Pantheon (or any cloud platform) because the actual IP address where code executes from can change as application containers are migrated throughout the infrastructure.

Refer to Dynamic Outgoing IP Addresses for more information.

Advanced Global CDN can provide IP-based allowlist and blocklist features, as well as IP-based routing if you require IP address-level access control. Please contact your Customer Success Manager (CSM) or contact us for more information.


Pantheon's platform security controls include blocking most UDP traffic originating from website containers to prevent platform abuse.

More Resources