Docs: OSS Security Doc Updation in Deployment (#19781)

Co-authored-by: Rounak Dhillon <rounakdhillon@Rounaks-MacBook-Air.local>
Co-authored-by: Prajwal214 <167504578+Prajwal214@users.noreply.github.com>

openmetadata-docs/content/v1.6.x/deployment/oss-security.md

@@ -0,0 +1,46 @@
+---
+title: OSS Security Best Practices
+slug: /deployment/oss-security
+collate: false
+---
+
+# OSS Security
+
+## Encryption of Connection Credentials  
+
+OpenMetadata ensures that sensitive information, such as passwords and connection secrets, is securely stored.  
+
+- **Encryption Algorithm**: OpenMetadata uses **Fernet encryption** to encrypt secrets and passwords before storing them in the database.  
+- **Fernet Encryption Details**:  
+  - Uses **AES-128 in CBC mode** with a strong key-based approach.  
+  - **Not based on hashing or salting**, but rather an encryption/decryption method with a symmetric key.  
+- **Secrets Manager Support**:  
+  - Users can **avoid storing credentials** in OpenMetadata by configuring an external **Secrets Manager**.  
+  - More details on setting up a Secrets Manager can be found here:  
+    🔗 [Secrets Manager Documentation](https://docs.open-metadata.org/latest/deployment/secrets-manager)
+
+## Secure Connections to Data Sources
+
+OpenMetadata supports **encrypted connections** to various databases and services.  
+
+- **SSL/TLS Support**:  
+  - OpenMetadata allows users to configure **SSL/TLS encryption** for secure data transmission.  
+  - Users can specify **SSL modes** and provide **CA certificates** for SSL validation.  
+- **How to Enable SSL?**  
+  - Each connector supports different SSL configurations.  
+  - Follow the detailed guide for enabling SSL in OpenMetadata:  
+    🔗 [Enable SSL in OpenMetadata](https://docs.open-metadata.org/latest/deployment/security/enable-ssl)
+
+---
+
+## **Additional Security Measures**  
+
+- **Role-Based Access Control (RBAC)**: OpenMetadata allows administrators to define user roles and permissions.  
+- **Authentication & Authorization**: OpenMetadata supports integration with OAuth, SAML, and LDAP for secure authentication.  
+- **Data Access Control**: Users can restrict access to metadata based on policies and governance rules.
+
+{% note %}
+- **Passwords and secrets are securely encrypted** using **Fernet encryption**.  
+- **Connections to data sources can be encrypted** using **SSL/TLS**.  
+- **Secrets Managers** can be used to manage credentials externally.  
+{% /note %}

openmetadata-docs/content/v1.6.x/menu.md

@@ -223,6 +223,9 @@ site_menu:
   - category: Deployment / Metrics
     url: /deployment/metrics
 
+  - category: Deployment / OSS Security
+    url: /deployment/oss-security
+
   - category: Connectors
     url: /connectors
 

openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/oss-security.md

@@ -0,0 +1,46 @@
+---
+title: OSS Security Best Practices
+slug: /deployment/oss-security
+collate: false
+---
+
+# OSS Security
+
+## Encryption of Connection Credentials
+
+OpenMetadata ensures that sensitive information, such as passwords and connection secrets, is securely stored.  
+
+- **Encryption Algorithm**: OpenMetadata uses **Fernet encryption** to encrypt secrets and passwords before storing them in the database.  
+- **Fernet Encryption Details**:  
+  - Uses **AES-128 in CBC mode** with a strong key-based approach.  
+  - **Not based on hashing or salting**, but rather an encryption/decryption method with a symmetric key.  
+- **Secrets Manager Support**:  
+  - Users can **avoid storing credentials** in OpenMetadata by configuring an external **Secrets Manager**.  
+  - More details on setting up a Secrets Manager can be found here:  
+    🔗 [Secrets Manager Documentation](https://docs.open-metadata.org/latest/deployment/secrets-manager)
+
+## Secure Connections to Data Sources
+
+OpenMetadata supports **encrypted connections** to various databases and services.  
+
+- **SSL/TLS Support**:  
+  - OpenMetadata allows users to configure **SSL/TLS encryption** for secure data transmission.  
+  - Users can specify **SSL modes** and provide **CA certificates** for SSL validation.  
+- **How to Enable SSL?**  
+  - Each connector supports different SSL configurations.  
+  - Follow the detailed guide for enabling SSL in OpenMetadata:  
+    🔗 [Enable SSL in OpenMetadata](https://docs.open-metadata.org/latest/deployment/security/enable-ssl)
+
+---
+
+## **Additional Security Measures**  
+
+- **Role-Based Access Control (RBAC)**: OpenMetadata allows administrators to define user roles and permissions.  
+- **Authentication & Authorization**: OpenMetadata supports integration with OAuth, SAML, and LDAP for secure authentication.  
+- **Data Access Control**: Users can restrict access to metadata based on policies and governance rules.
+
+{% note %}
+- **Passwords and secrets are securely encrypted** using **Fernet encryption**.  
+- **Connections to data sources can be encrypted** using **SSL/TLS**.  
+- **Secrets Managers** can be used to manage credentials externally.  
+{% /note %}

openmetadata-docs/content/v1.7.x-SNAPSHOT/menu.md

@@ -222,6 +222,9 @@ site_menu:
 
   - category: Deployment / Metrics
     url: /deployment/metrics
+  
+  - category: Deployment / OSS Security
+    url: /deployment/oss-security
 
   - category: Connectors
     url: /connectors