Skip to content

TLS, device trust, and untrusted devices

How TLS, device pairing, and Syncthing’s untrusted-device model work together in a hosted file sync setup.

TLS in transit#

Syncding terminates TLS for the control plane and web surfaces you use day to day. Syncthing’s own device-to-device sync remains governed by Syncthing’s pairing and certificate model — we keep instances updated and monitored.

Untrusted devices#

Syncthing’s untrusted device feature lets you store ciphertext on a peer you do not fully trust. On Syncding, that pattern can map to encrypted-at-rest expectations on our side when you configure it — check the docs for the exact product guarantees on your plan.

Checklist#

  1. Pair only devices you recognize.
  2. Prefer untrusted where you want server-side ciphertext.
  3. Rotate credentials and review device lists periodically.

For registration and verification flows, see the docs.

← All posts