yujunjun/OpenMetadata
1
0
Fork 0
mirror of https://github.com/open-metadata/OpenMetadata.git synced 2025-10-31 18:48:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenMetadata/openmetadata-docs/content/v1.7.x-SNAPSHOT/deployment/oss-security.md
Rounak Dhillon 206049bf6c
Docs: OSS Security Line Remover (#19783) 
Co-authored-by: Rounak Dhillon <rounakdhillon@Rounaks-MacBook-Air.local>
2025-02-13 15:51:43 +05:30

45 lines
2.1 KiB
Markdown
Raw Blame History

---
title: OSS Security Best Practices
slug: /deployment/oss-security
collate: false
---
# OSS Security
## Encryption of Connection Credentials
OpenMetadata ensures that sensitive information, such as passwords and connection secrets, is securely stored.
- **Encryption Algorithm**: OpenMetadata uses **Fernet encryption** to encrypt secrets and passwords before storing them in the database.
- **Fernet Encryption Details**:
- Uses **AES-128 in CBC mode** with a strong key-based approach.
- **Not based on hashing or salting**, but rather an encryption/decryption method with a symmetric key.
- **Secrets Manager Support**:
- Users can **avoid storing credentials** in OpenMetadata by configuring an external **Secrets Manager**.
- More details on setting up a Secrets Manager can be found here:
🔗 [Secrets Manager Documentation](https://docs.open-metadata.org/latest/deployment/secrets-manager)
## Secure Connections to Data Sources
OpenMetadata supports **encrypted connections** to various databases and services.
- **SSL/TLS Support**:
- OpenMetadata allows users to configure **SSL/TLS encryption** for secure data transmission.
- Users can specify **SSL modes** and provide **CA certificates** for SSL validation.
- **How to Enable SSL?**
- Each connector supports different SSL configurations.
- Follow the detailed guide for enabling SSL in OpenMetadata:
🔗 [Enable SSL in OpenMetadata](https://docs.open-metadata.org/latest/deployment/security/enable-ssl)
## **Additional Security Measures**
- **Role-Based Access Control (RBAC)**: OpenMetadata allows administrators to define user roles and permissions.
- **Authentication & Authorization**: OpenMetadata supports integration with OAuth, SAML, and LDAP for secure authentication.
- **Data Access Control**: Users can restrict access to metadata based on policies and governance rules.
{% note %}
- **Passwords and secrets are securely encrypted** using **Fernet encryption**.
- **Connections to data sources can be encrypted** using **SSL/TLS**.
- **Secrets Managers** can be used to manage credentials externally.
{% /note %}
Reference in New Issue View Git Blame Copy Permalink