ipmideck is built for people who read the source instead of trusting a vendor. The claims below are grounded in the product’s backend code.

Data & account security

Credentials are encrypted at rest, logins are hashed, and sessions are signed — the database alone is never enough to get in.

AES-256-CBC credential encryption

BMC credentials are encrypted at rest with AES-256-CBC and a random IV per secret. The encryption key lives in a separate key file (data/encryption.key, 32 random bytes, owner-only permissions) — never in the database — so a stolen database alone cannot decrypt anything.

bcrypt logins + HMAC-SHA256 signed sessions

Login passwords are hashed with bcrypt (per-password salt, constant-time verify). Session tokens are signed with HMAC-SHA256, revalidated on every request, and invalidated when a username changes. Cookies are HttpOnly and SameSite=Lax.

Brute-force lockout

Per-username lockout with exponential backoff after five failed attempts (up to an hour), plus timing-leak-safe generic errors so an attacker learns nothing from how a login fails.

No-shell ipmitool, fully offline

ipmitool is invoked through an argument list (create_subprocess_exec), never a shell — so there is no command-injection surface. The whole system runs fully offline: no telemetry, no cloud, no external calls.
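The argument-list invocation described above, as an added example that is not ipmideck's own code: each value reaches the child process as one literal argv element, so shell metacharacters in it are never interpreted. The helper names, the host and user validation, the use of ipmitool's `-E` option, and the Python stand-in for the ipmitool binary are assumptions made for illustration.

```python
import asyncio
import ipaddress
import json
import re
import sys

# Constructed stand-in for the ipmitool binary so this runs offline:
# a child Python process that reports the exact argv it received.
ARGV_ECHO = [sys.executable, "-c",
             "import sys, json; print(json.dumps(sys.argv[1:]))"]

_HOSTNAME = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def build_ipmitool_args(host: str, user: str) -> list[str]:
    """Build the argv for a temperature read (hypothetical helper)."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: require a plain hostname, so a value that
        # starts with "-" can never be parsed by the tool as an option.
        if not _HOSTNAME.match(host):
            raise ValueError(f"invalid BMC host: {host!r}")
    if not user or user.startswith("-"):
        raise ValueError("invalid BMC user")
    # Assumption: -E makes ipmitool read the password from the
    # IPMI_PASSWORD environment variable instead of the command line.
    return ["-I", "lanplus", "-H", host, "-U", user, "-E",
            "sdr", "type", "Temperature"]


async def exec_argv(program: list[str], args: list[str], env=None) -> str:
    """Run program + args with no shell; each element is one argv entry."""
    proc = await asyncio.create_subprocess_exec(
        *program, *args,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.PIPE,
        env=env,
    )
    out, err = await proc.communicate()
    if proc.returncode != 0:
        raise RuntimeError(err.decode(errors="replace"))
    return out.decode()


def received_argv(args: list[str]) -> list[str]:
    """Return the argv the child actually saw, using the echo stand-in."""
    return json.loads(asyncio.run(exec_argv(ARGV_ECHO, args)))
```

Replacing `ARGV_ECHO` with `["ipmitool"]` and passing `IPMI_PASSWORD` through `env` gives the real call; the validation step matters because an argument list stops shell parsing but not the tool's own option parsing.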

Hardware protection

FanPilot is built to fail safe: thermal limits win over any curve, and the control loop keeps running even when you are not watching.

Safety override at the critical temperature

Fans are forced to 100% at or above the critical temperature (default 85°C, configurable). No fan curve can override the override — the thermal limit always wins.

Hysteresis to stop oscillation

A configurable hysteresis margin (default 3°C) prevents fans from rapidly oscillating up and down around a temperature limit, keeping speed changes smooth and predictable.

Autonomous background loop

Fan control runs in a background task (~30s poll) that keeps working with the dashboard closed — protection does not depend on a browser tab being open.

Unclean-shutdown recovery + graceful shutdown

After an unclean stop (power loss or kill -9) ipmideck restores the BMC’s own auto mode, and it auto-recovers on server-offline and stale-sensor detection. A clean shutdown hands fans back to the BMC’s thermal management.