We use cookies to improve site navigation, analyze site usage, and enhance your user experience. Click "Accept" to enable cookies or "Reject" to reject cookies.

deployment

No menu items for this category
Home/Deployment/Oss Security

OSS Security

Encryption of Connection Credentials

OpenMetadata ensures that sensitive information, such as passwords and connection secrets, is securely stored.

  • Encryption Algorithm: OpenMetadata uses Fernet encryption to encrypt secrets and passwords before storing them in the database.
  • Fernet Encryption Details:
    • Uses AES-128 in CBC mode with a strong key-based approach.
    • Not based on hashing or salting, but rather an encryption/decryption method with a symmetric key.
  • Secrets Manager Support:
    • Users can avoid storing credentials in OpenMetadata by configuring an external Secrets Manager.
    • More details on setting up a Secrets Manager can be found here:
      🔗 Secrets Manager Documentation

Secure Connections to Data Sources

OpenMetadata supports encrypted connections to various databases and services.

  • SSL/TLS Support:
    • OpenMetadata allows users to configure SSL/TLS encryption for secure data transmission.
    • Users can specify SSL modes and provide CA certificates for SSL validation.
  • How to Enable SSL?
    • Each connector supports different SSL configurations.
    • Follow the detailed guide for enabling SSL in OpenMetadata:
      🔗 Enable SSL in OpenMetadata

Additional Security Measures

  • Role-Based Access Control (RBAC): OpenMetadata allows administrators to define user roles and permissions.
  • Authentication & Authorization: OpenMetadata supports integration with OAuth, SAML, and LDAP for secure authentication.
  • Data Access Control: Users can restrict access to metadata based on policies and governance rules.