The DigitalOcean integration enables DevOps, security, and compliance teams to automate continuous monitoring and evidence collection for infrastructure security controls. This integration allows automated, continuous monitoring and evidence collection of dozens of infrastructure security controls required for compliance.

Key Capabilities

Infrastructure Monitoring: Continuously collects evidence for infrastructure-related security controls.
Spaces Evaluation (optional): Uses Spaces access keys to assess Cloud Data Storage Exposure.
Team or Individual Accounts: Connect with the currently signed-in Individual account or a Team (Owner, Member, or Biller).

This integration is used to automate tests such as SSL/TLS on Admin Page of Infrastructure Console, Daily Database Backups, Cloud Infrastructure Linked to Drata, and Cloud Data Storage Exposure (if Spaces access is connected), helping prove compliance with Infrastructure Security controls.

Prerequisites & Data Access

Access to your company’s DigitalOcean account.
Ability to authenticate to DigitalOcean (you’ll be redirected to login/authorization during setup).
(Optional, only if monitoring Spaces) Ability to generate DigitalOcean Spaces access keys (Access Key and time-sensitive Secret Key).

API Limitation (from source): DigitalOcean’s API does not support pulling infrastructure users. The Managed Accounts page in Drata will show no DigitalOcean users, and the following tests will show no DigitalOcean users in results:

MFA on Infrastructure Console
Employees have Unique Infrastructure Accounts
Infrastructure Accounts Properly Removed

Step-by-Step Setup

Step 1: Start the Connection

In Drata, go to Connections → Available Connections.
Find DigitalOcean and select Connect.
On the connection setup page, click Create Connection to open instructions and begin.
- If you’re not logged in to DigitalOcean, you’ll be redirected to register/login; otherwise, you’ll be sent to the app authorization page.
- You can connect the currently signed-in Individual Account or any Team where that account is Owner, Member, or Biller.
  - IMPORTANT: Drata recommends connecting a Team account.

Expected outcome: You’re redirected and authorized with DigitalOcean; Drata begins the guided setup.

Step 2 (Optional): Create Access Keys for Spaces

If your company uses Spaces and you want Drata to monitor Cloud Data Storage Exposure, create Spaces access keys:

In DigitalOcean, open the API page of your dashboard.
Click Generate New Key, provide a key name, and copy both the Access Key and the time-sensitive Secret Key.
- Both are required for Drata to read Spaces.

Expected outcome: You have a valid Access Key and Secret Key for Spaces.

Step 3 (Optional): Create Spaces & Set Privacy

Create a Space: https://cloud.digitalocean.com/spaces/new
Privacy options:

Restrict File Listing
Enable File Listing
- The Cloud Data Storage Exposure monitor (104) flags Spaces created with Enable File Listing as failed.

Expected outcome: Spaces are created with your chosen privacy settings; you understand how settings affect the exposure monitor.

Step 4: Complete the Connection

In Drata’s connection flow, provide any requested values. If your company is using Spaces, we will need to go through the process of Creating Access Keys. (Shown in the previous sections)

Expected outcome: Connection completes; if Spaces keys were provided, Spaces monitoring is enabled.

Important Notes

Not supported (users): DigitalOcean API does not expose infrastructure user data; user-based infra tests will show no DigitalOcean users.
Spaces keys are time-sensitive: Ensure you store the Secret Key securely and update it if rotated.
Edge cases:
- Connecting as an Individual vs Team may affect which resources are visible.
- Enable File Listing on Spaces will fail the Cloud Data Storage Exposure monitor.