Skip to main content

Documentation Index

Fetch the complete documentation index at: https://openmetadata-feat-feat-2mbfixdeploy.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

ā€‹
OSS Security

ā€‹
Encryption of Connection Credentials

OpenMetadata ensures that sensitive information, such as passwords and connection secrets, is securely stored.
  • Encryption Algorithm: OpenMetadata uses Fernet encryption to encrypt secrets and passwords before storing them in the database.
  • Fernet Encryption Details:
    • Uses AES-128 in CBC mode with a strong key-based approach.
    • Not based on hashing or salting, but rather an encryption/decryption method with a symmetric key.
  • Secrets Manager Support:
    • Users can avoid storing credentials in OpenMetadata by configuring an external Secrets Manager.
    • More details on setting up a Secrets Manager can be found here: šŸ”— Secrets Manager Documentation

ā€‹
Secure Connections to Data Sources

OpenMetadata supports encrypted connections to various databases and services.
  • SSL/TLS Support:
    • OpenMetadata allows users to configure SSL/TLS encryption for secure data transmission.
    • Users can specify SSL modes and provide CA certificates for SSL validation.
  • How to Enable SSL?
    • Each connector supports different SSL configurations.
    • Follow the detailed guide for enabling SSL in OpenMetadata: šŸ”— Enable SSL in OpenMetadata

ā€‹
Additional Security Measures

  • Role-Based Access Control (RBAC): OpenMetadata allows administrators to define user roles and permissions.
  • Authentication & Authorization: OpenMetadata supports integration with OAuth, SAML, and LDAP for secure authentication.
  • Data Access Control: Users can restrict access to metadata based on policies and governance rules.
  • Passwords and secrets are securely encrypted using Fernet encryption.
  • Connections to data sources can be encrypted using SSL/TLS.
  • Secrets Managers can be used to manage credentials externally.