Security
Last updated on February 13, 2021
This document outlines how we handle your database credentials. For more information about how we access and store other information please review our Privacy document.
Are my database credentials safe?
When you connect your database to our system, we store the connection details you provide (host, port, and so on) as is, except for your database password.
The database password you enter is never stored on our servers in plain text.
Instead, we encrypt it with a key generated specifically for that connection. The key is immediately purged from our servers and kept only on your computer, in a secure cookie. This ensures that even if someone breaks into our servers, they cannot recover your database password without that key.
Here are more technical details on how we handle your database password when you connect your database to our system:
1. We generate a random key
Our system uses getrandom(2), the operating system kernel's cryptographically secure random number generator, as its source of randomness, so the generated key is unpredictable.
The key is 32 bytes (256 bits) long before encoding. We encode it for reliable transport through network layers and cookie handling, which expands it to a longer string.
2. We use the key to encrypt your password
We use OpenSSL with the AES-256-CBC cipher to encrypt your password under the newly generated key.
Only the resulting ciphertext is stored in our database.
3. We attach the key to your device as a cookie
By default, this cookie is removed from your device when you close your web browser. You can opt to keep it on your device for up to 60 days.
All cookies our system generates are encrypted and signed with a message authentication code, so a cookie that has been modified is rejected.
4. We purge the key from our servers
From that point on, our servers can connect to your database only while you are using our site from your browser: each HTTPS request your browser sends includes the cookie carrying the key, which lets the server decrypt the stored password for that request.
It also means that in the unlikely case that an attacker breaks into our servers, they would not be able to recover your database password, because only your device holds the key.
Can your team access my database?
No. Only an encrypted version of your database password is stored on our servers, and the key needed to decrypt it is stored only on your device, in the form of a cookie.
This means that even members of our team with access to our servers cannot recover your database password from what is stored there.
Why do I need to re-enter my database password on every new device I use?
This is by design.
To keep your credentials safe, we store only an encrypted version of your database password. The key that encrypts it is never stored in our database; it is instead attached to the device on which you entered your credentials, in the form of a cookie.
This means that each key is available only on one device, and anyone connecting to your database from another device, including you, has to re-enter the database password.