Heroku Enterprise – Shield Private Space Overview

Shield Private Spaces include additional features for building high-compliance applications. Shield Private Spaces come at an additional cost.

A Shield Private Space is essentially a Private Space with additional security (the "shield"). For more on what a Private Space is, see Heroku Enterprise Private Space Overview.

  • In a Shield Private Space, all input typed into an interactive heroku run session is logged to the app or space log stream. This allows you to meet specific compliance requirements for production access auditing.
  • Shield Private Spaces allow you to manage logging at the space level, configuring a single log drain for all applications in the space.
  • Shield Private Spaces enforce stricter requirements for TLS termination. TLS 1.0 cannot be used to connect to applications in a Shield Private Space.
  • Shield Private Spaces provide keystroke logging, which logs all user keystrokes typed into interactive heroku run sessions.
  • Private Space Logging is a feature only available to Shield Private Spaces.
  • Private Space Logging (only available in Shield Private Space) is a feature that enables you to configure log capture at the space level instead of the app level. When Private Space Logging is enabled, all log events from applications, Heroku Postgres databases and Heroku system services in the space are forwarded to a single log capture destination.
  • Logs are sent as HTTPS POST requests. Each request body can contain up to 500 log lines. A request is sent from Private Space Logging to the log drain once the log batch is equal to 500 log lines or 250 ms has elapsed, whichever comes first. The maximum length of a single log line is 10k bytes, with longer lines split into multiple lines.

    While unlikely, this means that the maximum Private Space Logging request could be as large as 5000 KB. If you intend to use a third-party logging provider, you should check their logging request size limits.

  • When Private Space Logging is enabled, the logs are sent to the destination and not used by Logplex.
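
The batching rules above can be modelled to check what a log drain endpoint has to accept. This is an added example, not Heroku's code or part of the original post: the function names are hypothetical, "10k bytes" is assumed to mean 10,000 bytes, and request framing overhead is not modelled.

```python
# Added example: a model of the batching rules described above, not Heroku code.
MAX_LINES = 500          # log lines per request (from the page)
MAX_WAIT_MS = 250        # flush window in milliseconds (from the page)
MAX_LINE_BYTES = 10_000  # assumption: "10k bytes" read as 10,000 bytes


def split_line(line):
    """Split a log line longer than MAX_LINE_BYTES into several lines."""
    if not line:
        return [line]
    return [line[i:i + MAX_LINE_BYTES]
            for i in range(0, len(line), MAX_LINE_BYTES)]


def batch(events):
    """Group (timestamp_ms, line_bytes) events into request batches.

    A batch is closed when it holds MAX_LINES lines or when MAX_WAIT_MS has
    elapsed since its first line, whichever comes first. The time check runs
    when the next event arrives, which yields the same grouping as a timer.
    """
    batches, current, started = [], [], None
    for ts, line in events:
        for part in split_line(line):
            # Time-based flush: the open batch is older than the window.
            if current and ts - started >= MAX_WAIT_MS:
                batches.append(current)
                current = []
            if not current:
                started = ts
            current.append(part)
            # Size-based flush: the batch reached the line limit.
            if len(current) == MAX_LINES:
                batches.append(current)
                current = []
    if current:
        batches.append(current)
    return batches


def payload_bytes(lines):
    """Bytes of log content in one batch (framing overhead not modelled)."""
    return sum(len(line) for line in lines)


def drain_limit_ok(limit_bytes):
    """True if a receiver's body-size limit admits the worst-case batch."""
    return limit_bytes >= MAX_LINES * MAX_LINE_BYTES
```

Feeding `batch()` constructed worst-case input (500 lines of 10,000 bytes) gives a payload to test a drain endpoint's request size limit against before enabling Private Space Logging.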
