From a82ff8f9a8610c9c629dd6eb11e3c6c4ab80be71 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Tue, 28 Apr 2020 17:45:16 -0400 Subject: [PATCH 01/10] First pass at guide --- .../encryption/reverse-ssh-tunnel-setup.md | 71 +++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 _account-security/security/encryption/reverse-ssh-tunnel-setup.md diff --git a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md new file mode 100644 index 000000000..8a503840f --- /dev/null +++ b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md @@ -0,0 +1,71 @@ +--- +# -------------------------- # +# Page & Formatting # +# -------------------------- # + +title: Setting up a Reverse SSH Tunnel +permalink: /account-security/data-encryption/setting-up-reverse-ssh-tunnel +summary: "If a database is privately accessible, you can use a reverse SSH tunnel to connect Stitch. This tutorial will walk you through requesting and configuring a reverse SSH tunnel for use with Stitch." + +input: false +layout: tutorial +use-tutorial-sidebar: false + +enterprise: true +enterprise-cta: + feature: "Reverse SSH tunnels " + title: "{{ site.data.strings.enterprise.title.are-an | prepend: page.enterprise-cta.feature }}" + + +# -------------------------- # +# Introduction # +# -------------------------- # + +intro: | + {% include misc/data-files.html %} + + Unlike other connection methods, reverse SSH enables Stitch to establish a connection to a database in your private network without opening holes in your network's firewall. A reverse SSH tunnel is an outbound connection from a machine on your network that connects securely over the internet to Stitch. + + +# -------------------------- # +# Requirements # +# -------------------------- # + +requirements: + - item: | + **A Stitch Enterprise plan.** Reverse SSH tunnels are available only on a Stitch Enterprise plan. Reach out to [Stitch Sales]({{ site.sales }}) for more info. + - item: | + **Some familiarity with Linux and the command line.** While we’ve provided the commands you’ll need to establish the reverse SSH tunnel, you should know how to access a server using the command line and feel comfortable running commands. + +# -------------------------- # +# Instructions # +# -------------------------- # + +steps: + - title: "Contact Stitch with your SSH public key" + anchor: "contact-stitch-ssh-public-key" + content: | + To set up a reverse SSH tunnel, you'll need to provide Stitch with the following: + + - The public key corresponding to the SSH keypair you plan to use to establish the tunnel + - The IP address(es) that you'll connect to the Stitch SSH server from + + Once our team receives this information, we'll set up a secure SSH server for you to connect to. We'll provide you with the `SSH_HOST`, `SSH_USER`, and `TUNNEL_PORT` info needed to establish the SSH connection. + + - title: "Establish the reverse SSH tunnel" + anchor: "establish-reverse-ssh-tunnel" + content: | + After you receive the SSH connection information from us, run the following command to establish the tunnel, replacing the items in brackets: + + {% capture code %}autossh -M 0 -f -N -R :: -i @ -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes + {% endcapture %} + {% include layout/code-snippet.html language="shell" code=code %} + + The `` and `` values are the host/endpoint and port of the database you're connecting from, respectively. For ``, ``, and ``, use the SSH connection values you received from our team. + + For example: Here's the same command, but with all the values inserted: + + {% capture code %}autossh -M 0 -f -N -R 10000:database.private.yourcompany.com:5432 -i id_rsa.pem yourcompany@33.44.55.66 -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes + {% endcapture %} + {% include layout/code-snippet.html language="shell" code=code %} +--- \ No newline at end of file From 3c821ff77b92be71632f946ce1793ff31fc11748 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Tue, 28 Apr 2020 17:50:11 -0400 Subject: [PATCH 02/10] Add to urls.yml --- .../security/encryption/reverse-ssh-tunnel-setup.md | 2 +- _data/urls.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md index 8a503840f..346e0ba14 100644 --- a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md +++ b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md @@ -3,7 +3,7 @@ # Page & Formatting # # -------------------------- # -title: Setting up a Reverse SSH Tunnel +title: Setting up a Reverse SSH Tunnel for a Database Connection permalink: /account-security/data-encryption/setting-up-reverse-ssh-tunnel summary: "If a database is privately accessible, you can use a reverse SSH tunnel to connect Stitch. This tutorial will walk you through requesting and configuring a reverse SSH tunnel for use with Stitch." diff --git a/_data/urls.yaml b/_data/urls.yaml index 5fd125d16..137ed9b44 100755 --- a/_data/urls.yaml +++ b/_data/urls.yaml @@ -69,6 +69,7 @@ security: compliance: /account-security/compliance encryption: /account-security/data-encryption + reverse-ssh: /account-security/data-encryption/setting-up-reverse-ssh-tunnel ssh-generic: /account-security/data-encryption/setting-up-ssh-tunnel-for-database-connection ssh-amazon: /account-security/data-encryption/setting-up-ssh-tunnel-for-amazon-web-services ssh-microsoft-azure: /account-security/data-encryption/setting-up-ssh-tunnel-for-microsoft-azure From fd3adca8d714af846a9428a27b44e335e89e8874 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Tue, 28 Apr 2020 17:50:21 -0400 Subject: [PATCH 03/10] Update data encryption guide with reverse SSH info --- _account-security/security/encryption/encryption-general.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/_account-security/security/encryption/encryption-general.md b/_account-security/security/encryption/encryption-general.md index 3c89ae3ee..2db2b086e 100644 --- a/_account-security/security/encryption/encryption-general.md +++ b/_account-security/security/encryption/encryption-general.md @@ -111,7 +111,9 @@ sections: {% endfor %} - + + + **Note**: [Reverse SSH tunnels]({{ link.security.reverse-ssh | prepend: site.baseurl }}) are also available for Stitch Enterprise customers. - title: "Advanced connectivity" anchor: "advanced-connectivity" @@ -119,7 +121,7 @@ sections: Additional connection options are available as part of a Stitch Enterprise plan. This includes: - Virtual Private Network (VPN) - - Reverse SSH tunneling + - [Reverse SSH tunneling]({{ link.security.reverse-ssh | prepend: site.baseurl }}) - [Amazon Web Services (AWS) Private Link](https://aws.amazon.com/privatelink/){:target="new"} Reach out to [Stitch Sales]({{ site.sales }}){:target="new"} for more info. From bc6a1b5651f8569471e372fb6289e7130b727eaf Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Tue, 28 Apr 2020 18:03:43 -0400 Subject: [PATCH 04/10] Fix copy --- _account-security/security/encryption/encryption-general.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/_account-security/security/encryption/encryption-general.md b/_account-security/security/encryption/encryption-general.md index 2db2b086e..5fae1114c 100644 --- a/_account-security/security/encryption/encryption-general.md +++ b/_account-security/security/encryption/encryption-general.md @@ -42,7 +42,6 @@ intro: | {% for section in page.sections %} - [{{ section.title }}](#{{ section.anchor }}) {% endfor %} - In this guide, we'll cover Stitch's supported connection options and provide links to additional resources. # -------------------------- # @@ -57,11 +56,11 @@ ssh-tunnels: - name: "Amazon" guide: "ssh-amazon" - description: "Stitch currently supports connecting Amazon RDS and Amazon Redshift (destination only) databases." + description: "Stitch currently supports connecting Amazon RDS (including Aurora) and Amazon Redshift (destination only) databases." - name: "Microsoft Azure" guide: "ssh-microsoft-azure" - description: "Stitch currently supports connecting Microsoft Azure SQL Server (as an integration) and Azure SQL Data Warehouse (as a destination). Other Microsoft Azure offerings aren't currently supported." + description: "Stitch currently supports connecting Microsoft Azure SQL Server and MySQL databases (as integrations) and Azure SQL Data Warehouse (as a destination). Other Microsoft Azure offerings aren't currently supported." sections: - title: "SSL connections" From d2cff7f5446515a95d15b8f07423372ee466e429 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Tue, 28 Apr 2020 18:03:53 -0400 Subject: [PATCH 05/10] Add links to the security FAQ --- _account-security/security/stitch-security.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/_account-security/security/stitch-security.md b/_account-security/security/stitch-security.md index 8d79c5de7..2d6625f0a 100755 --- a/_account-security/security/stitch-security.md +++ b/_account-security/security/stitch-security.md @@ -77,7 +77,11 @@ frequently-asked-questions: - **For data pulled from an HTTP API or submitted directly to Stitch's Import API,** we'll use SSL/TLS-based encryption. - - **For data replicated from a database**, we can use the encryption functionality built into the database, or an SSH tunnel. + - **For data replicated from a database**, we can use the encryption functionality built into the database or an SSH tunnel. + + - **For data at rest**, Stitch uses [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard){:target="new"} to encrypt data. + + Refer to the [Data encryption guide]({{ link.security.encryption | prepend: site.baseurl }}) for more info. - question: "Are SSL connections supported?" anchor: "ssl-connection-support" @@ -104,6 +108,8 @@ frequently-asked-questions: answer: | Additional connection options such as VPNs or reverse SSH tunnels may be implemented as part of an Enterprise plan. Contact [Stitch Sales]({{ site.sales | append: page.enterprise-utm.reverse-ssh-url }}) for more info. + Refer to the [Advanced connectivity section]({{ link.security.encryption | prepend: site.baseurl | append: "#advanced-connectivity" }}) in the Data encryption guide for more info. + - topic: "Data Access" anchor: "stitch-access" items: From 5d3dd4869d60da32283cc8f0886a1c976bc9e286 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Fri, 1 May 2020 13:27:19 -0400 Subject: [PATCH 06/10] Changes based on feedback --- .../encryption/reverse-ssh-tunnel-setup.md | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md index 346e0ba14..abc2649fa 100644 --- a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md +++ b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md @@ -55,7 +55,16 @@ steps: - title: "Establish the reverse SSH tunnel" anchor: "establish-reverse-ssh-tunnel" content: | - After you receive the SSH connection information from us, run the following command to establish the tunnel, replacing the items in brackets: + After you receive the SSH connection information from us, you can establish the SSH tunnel. There are two methods you can use to accomplish this: + + - [With autossh (recommended)](#with-autossh) + - [Without autossh](#without-autossh) + + ### With autossh (recommended) {#with-autossh} + + We recommend running SSH through [autossh](https://www.harding.motd.ca/autossh/){:target="new"}, which will start a copy of SSH, monitor it, and automatically restart the tunnel if it goes down or stops passing traffic. If you don't already have autossh installed, you'll need to do so before continuing. Refer to [autossh's documentation](https://www.harding.motd.ca/autossh/){:target="new"} for instructions. + + The following command will establish the tunnel using autossh. When you run this, replace the items in brackets: {% capture code %}autossh -M 0 -f -N -R :: -i @ -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes {% endcapture %} @@ -68,4 +77,20 @@ steps: {% capture code %}autossh -M 0 -f -N -R 10000:database.private.yourcompany.com:5432 -i id_rsa.pem yourcompany@33.44.55.66 -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o ExitOnForwardFailure=yes {% endcapture %} {% include layout/code-snippet.html language="shell" code=code %} + + ### Without autossh {#without-autossh} + + To establish the tunnel without using autossh, run the following command, replacing the items in brackets: + + {% capture code %}ssh -f -N -R :: -i @ + {% endcapture %} + {% include layout/code-snippet.html language="shell" code=code %} + + The `` and `` values are the host/endpoint and port of the database you're connecting from, respectively. For ``, ``, and ``, use the SSH connection values you received from our team. + + Here's the same command, but with all the values inserted: + + {% capture code %}ssh -f -N -R 10000:database.private.yourcompany.com:5432 -i id_rsa.pem yourcompany@33.44.55.66 + {% endcapture %} + {% include layout/code-snippet.html language="shell" code=code %} --- \ No newline at end of file From 6ff808717d66780c5947d38146d15700cc5d61b0 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Fri, 1 May 2020 15:20:29 -0400 Subject: [PATCH 07/10] Add reverse SSH to ENT features --- .../security/encryption/reverse-ssh-tunnel-setup.md | 6 +++++- _data/stitch/subscription-plans/enterprise.yml | 7 +++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md index abc2649fa..bf4ea4610 100644 --- a/_account-security/security/encryption/reverse-ssh-tunnel-setup.md +++ b/_account-security/security/encryption/reverse-ssh-tunnel-setup.md @@ -5,12 +5,16 @@ title: Setting up a Reverse SSH Tunnel for a Database Connection permalink: /account-security/data-encryption/setting-up-reverse-ssh-tunnel -summary: "If a database is privately accessible, you can use a reverse SSH tunnel to connect Stitch. This tutorial will walk you through requesting and configuring a reverse SSH tunnel for use with Stitch." +summary: "If a database is privately accessible, you can use a reverse SSH tunnel to connect Stitch. This tutorial will walk you through requesting and configuring a reverse SSH tunnel for use with Stitch as part of an Enterprise plan." input: false layout: tutorial use-tutorial-sidebar: false +key: "reverse-ssh-tunnel-setup" +type: "security" +weight: 3 + enterprise: true enterprise-cta: feature: "Reverse SSH tunnels " diff --git a/_data/stitch/subscription-plans/enterprise.yml b/_data/stitch/subscription-plans/enterprise.yml index 0cd5a185a..52ebf8611 100644 --- a/_data/stitch/subscription-plans/enterprise.yml +++ b/_data/stitch/subscription-plans/enterprise.yml @@ -38,6 +38,13 @@ features: - key: "data-encryption-overview" title: "Advanced connectivity" summary: "Aside from SSL and SSH, additional connection options such as reverse SSH, VPN, and Amazon Web Services Private Link, are available as part of an Enterprise plan." + free-trial-available: false + + - key: "reverse-ssh-tunnel-setup" + title: "Reverse SSH tunnels" + summary: | + Establish a connection to a database in your private network without opening holes in your network's firewall. A reverse SSH tunnel is an outbound connection from a machine on your network that connects securely over the internet to Stitch. + free-trial-available: false - category: "Destinations" From 561b39f620e62ee267dd1766bf6958b49642094c Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Fri, 1 May 2020 15:20:40 -0400 Subject: [PATCH 08/10] Change Security category order --- _account-security/security/encryption/encryption-general.md | 2 +- _account-security/security/stitch-security.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/_account-security/security/encryption/encryption-general.md b/_account-security/security/encryption/encryption-general.md index 5fae1114c..b792953a5 100644 --- a/_account-security/security/encryption/encryption-general.md +++ b/_account-security/security/encryption/encryption-general.md @@ -13,7 +13,7 @@ feedback: false key: "data-encryption-overview" type: "security" -weight: 1 +weight: 2 enterprise: true enterprise-cta: diff --git a/_account-security/security/stitch-security.md b/_account-security/security/stitch-security.md index 2d6625f0a..5b1a1e760 100755 --- a/_account-security/security/stitch-security.md +++ b/_account-security/security/stitch-security.md @@ -10,7 +10,7 @@ layout: faq toc: true type: "security" -weight: 5 +weight: 1 enterprise: true enterprise-cta: From e854e72d4c3f1ce5782795cb65cd67c86ef64592 Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Fri, 1 May 2020 15:20:45 -0400 Subject: [PATCH 09/10] Update sidenav --- _data/sidebars/stitchnav.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/_data/sidebars/stitchnav.yml b/_data/sidebars/stitchnav.yml index 121463dfa..0ab9975c6 100755 --- a/_data/sidebars/stitchnav.yml +++ b/_data/sidebars/stitchnav.yml @@ -99,11 +99,20 @@ all-docs: - title: Security subsections: + - title: "Compliance" + url: "{{ link.security.faq }}#stitch-compliance" + - title: "Data encryption" url: "{{ link.security.encryption }}" - - title: "FAQ" - url: "{{ link.security.faq }}" + - title: "Data access policies" + url: "{{ link.security.faq }}#stitch-access" + + - title: "Protocols and recommendations" + url: "{{ link.security.faq }}#stitch-protocols-recommendations" + + - title: "Reporting issues" + url: "{{ link.security.faq }}#security-issues" - title: Enterprise url: "{{ link.account.enterprise-features }}" From 364079098f7c6dce2e4545cf0b3f3e4ee9bec30a Mon Sep 17 00:00:00 2001 From: Erin Cochran Date: Fri, 1 May 2020 15:34:18 -0400 Subject: [PATCH 10/10] Clean up Data Encryption guide a bit --- .../security/encryption/encryption-general.md | 110 ++++++++++-------- 1 file changed, 63 insertions(+), 47 deletions(-) diff --git a/_account-security/security/encryption/encryption-general.md b/_account-security/security/encryption/encryption-general.md index b792953a5..a91762911 100644 --- a/_account-security/security/encryption/encryption-general.md +++ b/_account-security/security/encryption/encryption-general.md @@ -63,65 +63,81 @@ ssh-tunnels: description: "Stitch currently supports connecting Microsoft Azure SQL Server and MySQL databases (as integrations) and Azure SQL Data Warehouse (as a destination). Other Microsoft Azure offerings aren't currently supported." sections: - - title: "SSL connections" - anchor: "ssl-connections" + - title: "Encryption in transit" + anchor: "in-transit-encryption" content: | - [SSL/TLS](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} is a standard security technology used to establish encrypted communication between a web server and a browser. SSL/TLS ensures that communication to and from Stitch remains private and secure. - + {% for subsection in section.subsections %} + - [{{ subsection.title }}](#{{ subsection.anchor }}) + {% endfor %} subsections: - - title: "Stitch application access" - anchor: "stitch-application" + - title: "SSL connections" + anchor: "ssl-connections" content: | - The Stitch application enforces SSL to ensure all communication with Stitch remains secure. + [SSL/TLS](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} is a standard security technology used to establish encrypted communication between a web server and a browser. SSL/TLS ensures that communication to and from Stitch remains private and secure. - - title: "Connections that use verified SSL by default" - anchor: "connections-ssl-default" - content: | - For any connection using an HTTP API - for example, integrations like [Salesforce]({{ site.baseurl }}/integrations/saas/salesforce) or [Facebook Ads]({{ site.baseurl }}/integrations/saas/facebook-ads) - or Stitch's [Import API]({{ link.integrations.import-api | prepend: site.baseurl }}), Stitch will use [SSL/TLS-based encryption](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} by default. + {% for sub-subsection in subsection.sub-subsections %} + - [{{ sub-subsection.title }}](#{{ sub-subsection.anchor }}) + {% endfor %} + + sub-subsections: + - title: "Stitch application access" + anchor: "stitch-application" + content: | + The Stitch application enforces SSL to ensure all communication with Stitch remains secure. + + - title: "Connections that use verified SSL by default" + anchor: "connections-ssl-default" + content: | + For any connection using an HTTP API - for example, integrations like [Salesforce]({{ site.baseurl }}/integrations/saas/salesforce) or [Facebook Ads]({{ site.baseurl }}/integrations/saas/facebook-ads) - or Stitch's [Import API]({{ link.integrations.import-api | prepend: site.baseurl }}), Stitch will use [SSL/TLS-based encryption](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} by default. + + This is also applicable to Stitch's [Amazon Redshift]({{ link.destinations.overviews.redshift | prepend: site.baseurl }}), [Google BigQuery]({{ link.destinations.overviews.bigquery | prepend: site.baseurl }}), [Microsoft Azure SQL Data Warehouse]({{ link.destinations.overviews.azure | prepend: site.baseurl }}), and [Snowflake]({{ link.destinations.overviews.snowflake | prepend: site.baseurl }}) destination offerings. + + Connections to these integrations and destinations will attempt to use verified SSL with no action required on your part. - This is also applicable to Stitch's [Amazon Redshift]({{ link.destinations.overviews.redshift | prepend: site.baseurl }}), [Google BigQuery]({{ link.destinations.overviews.bigquery | prepend: site.baseurl }}), [Microsoft Azure SQL Data Warehouse]({{ link.destinations.overviews.azure | prepend: site.baseurl }}), and [Snowflake]({{ link.destinations.overviews.snowflake | prepend: site.baseurl }}) destination offerings. + - title: "Connections with configurable SSL options" + anchor: "connections-configurable-ssl" + content: | + For some integrations - for example, a database hosted on your server - Stitch may support configurable SSL. To use SSL with a database Stitch supports, the database must be configured to support and allow SSL connections. - Connections to these integrations and destinations will attempt to use verified SSL with no action required on your part. + **Note**: SSL connections are not supported for all databases. Refer to the [documentation for the database]({{ site.baseurl }}/integrations/databases) for SSL support details. - - title: "Connections with configurable SSL options" - anchor: "connections-configurable-ssl" + - title: "SSH tunnels" + anchor: "ssh-tunnel-connections" content: | - For some integrations - for example, a database hosted on your server - Stitch may support configurable SSL. To use SSL with a database Stitch supports, the database must be configured to support and allow SSL connections. + If a database you want to connect to Stitch doesn't support [SSL connections](#ssl-connections) or isn't publicly accessible, you can use an SSH tunnel. - **Note**: SSL connections are not supported for all databases. Refer to the [documentation for the database]({{ site.baseurl }}/integrations/databases) for SSL support details. + The steps for setting up an SSH connection vary depending on where your database is hosted. - - title: "SSH tunnels" - anchor: "ssh-tunnel-connections" - content: | - If a database you want to connect to Stitch doesn't support [SSL connections](#ssl-connections) or isn't publicly accessible, you can use an SSH tunnel. - - The steps for setting up an SSH connection vary depending on where your database is hosted. - - - {% for item in page.ssh-tunnels %} - - - - - {% endfor %} -
- {{ item.name | append: " databases" }} - - {{ item.description | markdownify }} - -

Refer to the SSH tunnels for {{ item.name | append: " databases"}} guide.

-
+ + {% for item in page.ssh-tunnels %} + + + + + {% endfor %} +
+ {{ item.name | append: " databases" }} + + {{ item.description | markdownify }} - **Note**: [Reverse SSH tunnels]({{ link.security.reverse-ssh | prepend: site.baseurl }}) are also available for Stitch Enterprise customers. +

Refer to the SSH tunnels for {{ item.name | append: " databases"}} guide.

+
- - title: "Advanced connectivity" - anchor: "advanced-connectivity" - content: | - Additional connection options are available as part of a Stitch Enterprise plan. This includes: + **Note**: [Reverse SSH tunnels]({{ link.security.reverse-ssh | prepend: site.baseurl }}) are also available for Stitch Enterprise customers. - - Virtual Private Network (VPN) - - [Reverse SSH tunneling]({{ link.security.reverse-ssh | prepend: site.baseurl }}) - - [Amazon Web Services (AWS) Private Link](https://aws.amazon.com/privatelink/){:target="new"} + - title: "Advanced connectivity" + anchor: "advanced-connectivity" + content: | + Additional connection options are available as part of a Stitch Enterprise plan. This includes: - Reach out to [Stitch Sales]({{ site.sales }}){:target="new"} for more info. + - Virtual Private Network (VPN) + - [Reverse SSH tunneling]({{ link.security.reverse-ssh | prepend: site.baseurl }}) + - [Amazon Web Services (AWS) Private Link](https://aws.amazon.com/privatelink/){:target="new"} + + Reach out to [Stitch Sales]({{ site.sales }}){:target="new"} for more info. + + - title: "Encryption at rest" + anchor: "data-at-rest" + content: | + For data at rest, Stitch uses [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard){:target="new"} to encrypt data. --- \ No newline at end of file