Support login by U2F (Yubikey, Trezor, ...)
Support most secure way to login services. This is reason why I prefer AWS for the most critical applications.
Scoped API Access
When creating an API token, allow fine grained scoped control. An example use case is, when using LetsEncrypt to generate your certificates, you can perform a DNS challenge to authenticate control of the domain. This adds a TXT record to your domain, confirming you have access to that domain. You currently need to give your "god-mode" API token to do this using DigitalOcean. With scoped access, you could create an API token with "dns:modify" and that's all that API token would be allowed to do. This would reduce the attack surface if the API token gets leaked from your droplet.
Please, add security keys for F2A
Implementing physical security keys like Yubikeys will improves a lot the security of the accounts ! This is a priority feature because it protects our accounts ! Thanks.
Set Billing Cap
Please can we introduce a billing cap. No matter how secure your setup something could go wrong and someone could quickly rack up a massive bill, on your account. I think there should be a billing cap option and then also alerts based on this cap. So say you can set it to alert you at x% and then y% of the cap. Currently there is option to set one alert but thats not really good enough.
Team accounts with fine grain control
Continuing from http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3981054-allow-team-accounts , that is great for multiple developers. However, I would like to set a billing contact from our finance department who is not a developer and I don't want to give access to anything but billing. As well as that, I am sure there are other use cases were a team lead might want to do one of the following: restrict access to certain servers to certain users or have an infrastructure employee restrict dev servers to developers, staging servers to devs and testers, and then prod/live to minority of devs, for example Sum up: Ability to assign finance, infra (for downtime, maintenance work etc.), account super admin users with different abilities. Ability to assign a users to a account group. Ability to restrict droplets to certain users or user groups, and then that users abilities can be view, edit/view, or all access. Thanks!
Let me redesign your platform. Its got to be the most boring thing I've ever seen. Top selling company's have vibrant and colorful eye catching advertisements. You have no lure except that it is actually a good product. Let me redesign your platform and give it a new look. People rarely read anymore. Even in development and enterprise platforms...everything is follow the bold highlighted categories to find API deployment. Copy and paste. Your advertising to people who want easy deployment no legwork. It's a great product, but your marketing visual appeal is terrible. I have over 20 years experience as an artist, I've done plenty of marketing. Let me redesign these bland pages. People spent NO MORE THAN A GLANCE to judge your product. The best thing you have is the words one click deployment and $200. Look at top selling companys. They tend to font that's adjusted for people with adhd. Very vibrant colorful. Smiling faces. People laughing and enjoying themselves because they don't do anything at all, you know why? Because they have your product. A few clicks here and a few clicks there, their business is a okay and.. they are back to their worry free profit making happy lives. Jordan K. Maeen, Headhancho@josmarketplace.com I'm new as a programer, not as an artist. My site is under construction. You help me, I'll help you? Partner with me.
Frontend change font to white
Hello! Url: https://www.digitalocean.com/go/app-platform?utm_campaign=emea_brand_kw_en_cpc&utm_adgroup=digitalocean_app_platform_bmm&_keyword=digitalocean%20app%20platform&_device=c&_adposition=&utm_content=conversion&utm_medium=cpc&utm_source=google&gclid=Cj0KCQiAveebBhD_ARIsAFaAvrFeX9zWGEypPcriN9TsrBuSuqzXuIsB4QCbrjxePasn5Fj6UZQJykIaAqYIEALw_wcB on pricing comparison basic: div class: PricingComparisonStyles__StyledPricingCard-sc-43zjrd-5 jJkJma" Please change font to white. Kind Regards, Andreas
Ask for password before issuing a destroy or rebuild
When destroy a droplet, system should ask to enter password to confirm before delete it for more safety. Since this is the most important decision.
Fine grained API tokens
The new API is great and being able to create multiple access tokens is too, but it feels extremely dangerous to save an API token that can potentially destroy ALL my droplets for all my clients on just a single droplet that only needs the API for a specific use case. My example: a weekly task that consumes a large amount of memory: my client has to contact me to resize 4GB -> 32GB before initiating the task (or pay for a 32GB instance all the time, which doesn't make sense). It feels strange that I have to do all this, just because I'm refusing to do something that's dangerous. Hope you'll be able to do something about it :-)