# Essential Security Practices for DVS Developers

**Least Privilege:**&#x20;

Containers should run with the minimum required privileges, which should be specified by the DVS developer team. If not specified, operators should consult the DVS developer team directly.

**Security and Maintenance:**

* Emit runtime logs, including security events.
* Use minimal base images, such as [ko Go containers](https://ko.build/), to reduce the attack surface.
* Release updated images with security patches regularly.
* Ensure DVS-related ECDSA keys are used only for non-fund-holding updates (e.g., modifying IP and port details in a smart contract).

**Container Management:**

* Do not store key material on containers; refer to key management documentation.
* User IDs should be formatted as `DVS-NAME-random` to avoid conflicts with the host.

**Image and Software Management:**

* DVS developer teams should [sign their images](https://docs.docker.com/engine/security/trust/) for releases and upgrades, with Docker displaying a verified badge for signed images.
* Tag new releases via updated images and ensure clear release notes explaining new features and breaking changes.
* Operators should control their software upgrades, avoiding automated upgrade mechanisms.

**Communication:**&#x20;

Establish direct communication channels (e.g., Discord, Telegram) with operators to coordinate upgrades smoothly.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pell.network/dvs-developer-guides/resources/essential-security-practices-for-dvs-developers.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.