Skip to content

Commit

Permalink
Clean up Data Encryption guide a bit
Browse files Browse the repository at this point in the history
  • Loading branch information
@erinkcochran87
erinkcochran87 committed May 1, 2020
1 parent e854e72 commit 3640790
Showing 1 changed file with 63 additions and 47 deletions.
110 changes: 63 additions & 47 deletions _account-security/security/encryption/encryption-general.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -63,65 +63,81 @@ ssh-tunnels:
description: "Stitch currently supports connecting Microsoft Azure SQL Server and MySQL databases (as integrations) and Azure SQL Data Warehouse (as a destination). Other Microsoft Azure offerings aren't currently supported."

sections:
- title: "SSL connections"
anchor: "ssl-connections"
- title: "Encryption in transit"
anchor: "in-transit-encryption"
content: |
[SSL/TLS](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} is a standard security technology used to establish encrypted communication between a web server and a browser. SSL/TLS ensures that communication to and from Stitch remains private and secure.
{% for subsection in section.subsections %}
- [{{ subsection.title }}](#{{ subsection.anchor }})
{% endfor %}
subsections:
- title: "Stitch application access"
anchor: "stitch-application"
- title: "SSL connections"
anchor: "ssl-connections"
content: |
The Stitch application enforces SSL to ensure all communication with Stitch remains secure.
[SSL/TLS](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} is a standard security technology used to establish encrypted communication between a web server and a browser. SSL/TLS ensures that communication to and from Stitch remains private and secure.
- title: "Connections that use verified SSL by default"
anchor: "connections-ssl-default"
content: |
For any connection using an HTTP API - for example, integrations like [Salesforce]({{ site.baseurl }}/integrations/saas/salesforce) or [Facebook Ads]({{ site.baseurl }}/integrations/saas/facebook-ads) - or Stitch's [Import API]({{ link.integrations.import-api | prepend: site.baseurl }}), Stitch will use [SSL/TLS-based encryption](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} by default.
{% for sub-subsection in subsection.sub-subsections %}
- [{{ sub-subsection.title }}](#{{ sub-subsection.anchor }})
{% endfor %}
sub-subsections:
- title: "Stitch application access"
anchor: "stitch-application"
content: |
The Stitch application enforces SSL to ensure all communication with Stitch remains secure.
- title: "Connections that use verified SSL by default"
anchor: "connections-ssl-default"
content: |
For any connection using an HTTP API - for example, integrations like [Salesforce]({{ site.baseurl }}/integrations/saas/salesforce) or [Facebook Ads]({{ site.baseurl }}/integrations/saas/facebook-ads) - or Stitch's [Import API]({{ link.integrations.import-api | prepend: site.baseurl }}), Stitch will use [SSL/TLS-based encryption](https://www.verisign.com/en_US/website-presence/online/ssl-certificates/index.xhtml){:target="new"} by default.
This is also applicable to Stitch's [Amazon Redshift]({{ link.destinations.overviews.redshift | prepend: site.baseurl }}), [Google BigQuery]({{ link.destinations.overviews.bigquery | prepend: site.baseurl }}), [Microsoft Azure SQL Data Warehouse]({{ link.destinations.overviews.azure | prepend: site.baseurl }}), and [Snowflake]({{ link.destinations.overviews.snowflake | prepend: site.baseurl }}) destination offerings.
Connections to these integrations and destinations will attempt to use verified SSL with no action required on your part.
This is also applicable to Stitch's [Amazon Redshift]({{ link.destinations.overviews.redshift | prepend: site.baseurl }}), [Google BigQuery]({{ link.destinations.overviews.bigquery | prepend: site.baseurl }}), [Microsoft Azure SQL Data Warehouse]({{ link.destinations.overviews.azure | prepend: site.baseurl }}), and [Snowflake]({{ link.destinations.overviews.snowflake | prepend: site.baseurl }}) destination offerings.
- title: "Connections with configurable SSL options"
anchor: "connections-configurable-ssl"
content: |
For some integrations - for example, a database hosted on your server - Stitch may support configurable SSL. To use SSL with a database Stitch supports, the database must be configured to support and allow SSL connections.
Connections to these integrations and destinations will attempt to use verified SSL with no action required on your part.
**Note**: SSL connections are not supported for all databases. Refer to the [documentation for the database]({{ site.baseurl }}/integrations/databases) for SSL support details.
- title: "Connections with configurable SSL options"
anchor: "connections-configurable-ssl"
- title: "SSH tunnels"
anchor: "ssh-tunnel-connections"
content: |
For some integrations - for example, a database hosted on your server - Stitch may support configurable SSL. To use SSL with a database Stitch supports, the database must be configured to support and allow SSL connections.
If a database you want to connect to Stitch doesn't support [SSL connections](#ssl-connections) or isn't publicly accessible, you can use an SSH tunnel.
**Note**: SSL connections are not supported for all databases. Refer to the [documentation for the database]({{ site.baseurl }}/integrations/databases) for SSL support details.
The steps for setting up an SSH connection vary depending on where your database is hosted.
- title: "SSH tunnels"
anchor: "ssh-tunnel-connections"
content: |
If a database you want to connect to Stitch doesn't support [SSL connections](#ssl-connections) or isn't publicly accessible, you can use an SSH tunnel.
The steps for setting up an SSH connection vary depending on where your database is hosted.
<table class="attribute-list">
{% for item in page.ssh-tunnels %}
<tr>
<td class="attribute-name">
<strong>{{ item.name | append: " databases" }}</strong>
</td>
<td>
{{ item.description | markdownify }}
<p>Refer to the <a href="{{ link.security[item.guide] | prepend: site.baseurl }}">SSH tunnels for {{ item.name | append: " databases"}}</a> guide.</p>
</td>
</tr>
{% endfor %}
</table>
<table class="attribute-list">
{% for item in page.ssh-tunnels %}
<tr>
<td class="attribute-name">
<strong>{{ item.name | append: " databases" }}</strong>
</td>
<td>
{{ item.description | markdownify }}
**Note**: [Reverse SSH tunnels]({{ link.security.reverse-ssh | prepend: site.baseurl }}) are also available for Stitch Enterprise customers.
<p>Refer to the <a href="{{ link.security[item.guide] | prepend: site.baseurl }}">SSH tunnels for {{ item.name | append: " databases"}}</a> guide.</p>
</td>
</tr>
{% endfor %}
</table>
- title: "Advanced connectivity"
anchor: "advanced-connectivity"
content: |
Additional connection options are available as part of a Stitch Enterprise plan. This includes:
**Note**: [Reverse SSH tunnels]({{ link.security.reverse-ssh | prepend: site.baseurl }}) are also available for Stitch Enterprise customers.
- Virtual Private Network (VPN)
- [Reverse SSH tunneling]({{ link.security.reverse-ssh | prepend: site.baseurl }})
- [Amazon Web Services (AWS) Private Link](https://aws.amazon.com/privatelink/){:target="new"}
- title: "Advanced connectivity"
anchor: "advanced-connectivity"
content: |
Additional connection options are available as part of a Stitch Enterprise plan. This includes:
Reach out to [Stitch Sales]({{ site.sales }}){:target="new"} for more info.
- Virtual Private Network (VPN)
- [Reverse SSH tunneling]({{ link.security.reverse-ssh | prepend: site.baseurl }})
- [Amazon Web Services (AWS) Private Link](https://aws.amazon.com/privatelink/){:target="new"}
Reach out to [Stitch Sales]({{ site.sales }}){:target="new"} for more info.
- title: "Encryption at rest"
anchor: "data-at-rest"
content: |
For data at rest, Stitch uses [AES-256](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard){:target="new"} to encrypt data.
---

0 comments on commit 3640790

Please sign in to comment.