SnapLogic® apps require connection information and credentials to connect to your endpoints. The IIP saves these configurations as Accounts. AutoSync saves them as credentials.
The SnapLogic platform encrypts credentials and configuration data using an asymmetric key pair, which is unique for each environment (Org). When you enter sensitive properties in the browser, such as passwords, the platform encrypts them using the environment's public key. When you save, the platform passes the encrypted data over an HTTPS connection to the control plane. The control plane stores the encrypted information in a secure S3 bucket that uses server-side encryption for data at rest. When an executing pipeline needs to connect, the Snaplex retrieves credentials from the SnapLogic control plane. The Snaplex decrypts the data using the environment's private key but does not persist the credentials locally. At no time is data stored or transported over the wire in an unencrypted form.
For additional security:
- Organizations using self-managed Snaplexes (Groundplexes) can subscribe to Enhanced Encryption or Secrets Management:
  - With Enhanced Encryption, the Organization does not share the private key with SnapLogic but instead stores it on the Groundplex nodes. The control plane cannot decrypt the account credentials.
  - With Secrets Management, your organization stores credentials in a third-party secrets manager. SnapLogic Accounts contain only the information necessary to access the secrets manager.
- Organizations using Snaplexes managed by SnapLogic can further secure credentials by using the App Gateway.
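The key placement described above, for both standard encryption and Enhanced Encryption, can be modeled in a few lines of Node.js. This is an added example, not SnapLogic code: RSA-OAEP, the in-memory store, and every function and object name are assumptions chosen for illustration.

```javascript
// Added illustration of the credential flow; not SnapLogic's implementation.
// Assumptions: RSA-OAEP as the asymmetric scheme, a Map standing in for the
// encrypted S3 store, and all function/field names below.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// One key pair per environment (Org). With enhanced=true the private key stays
// on the Groundplex nodes and is never shared with the control plane.
// Assumption: in standard mode the control plane also holds the private key.
function createOrg(enhanced) {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  return {
    controlPlane: { publicKey, privateKey: enhanced ? null : privateKey, store: new Map() },
    snaplex: { privateKey },
  };
}

// Browser side: encrypt the sensitive property with the Org public key, then
// hand only the ciphertext to the control plane for storage.
function saveAccount(org, name, secret) {
  const ciphertext = publicEncrypt({ key: org.controlPlane.publicKey, ...OAEP }, Buffer.from(secret, 'utf8'));
  org.controlPlane.store.set(name, ciphertext);
  return ciphertext;
}

// Snaplex side: fetch the ciphertext when a pipeline runs and decrypt it in
// memory; nothing is written to local storage.
function snaplexConnect(org, name) {
  const ciphertext = org.controlPlane.store.get(name);
  return privateDecrypt({ key: org.snaplex.privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// Whether the control plane could read a stored credential: only if it holds
// the private key, which it does not under Enhanced Encryption.
function controlPlaneCanDecrypt(org, name) {
  const { privateKey, store } = org.controlPlane;
  if (!privateKey) return false;
  privateDecrypt({ key: privateKey, ...OAEP }, store.get(name));
  return true;
}
```

Comparing `controlPlaneCanDecrypt` for `createOrg(false)` and `createOrg(true)` shows the difference Enhanced Encryption makes: the stored ciphertext is identical in form, but only the Snaplex can open it.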
SnapLogic standard encryption, Enhanced Encryption and Secrets Management do not protect against misuse by people in your organization. You should ensure that only authorized users have access to credentials.