Security
Striim for Snowflake is deployed as an Elastic Kubernetes Service (EKS) pod on Amazon Web Services (AWS). Much of the security for Striim for Snowflake, such as data encryption at rest, comes from the security infrastructure provided by EKS and AWS. For more information, see the Security section of the Amazon EKS documentation.
User metadata is stored in the EKS pod. This metadata can be accessed only by Striim DevOps personnel, and all such access generates an audit trail. Sensitive data including source database passwords, SSL keys, and SSL passwords are not accessible to DevOps personnel.
Authentication
Snowflake authorizes access to resources based on a verified client identity. Striim for Snowflake connects to Snowflake over JDBC.. See Connect to Snowflake for details on Snowflake roles and permissions.
Striim for Snowflake's default password policy enforces character variety and minimum length. Each individual user can change the password for their own account. Regardless of privilege level, no user account can manage the password for another account.
Access control
What users can access and do in Striim for Snowflake is controlled by roles. For more information, see Add users.
Encryption between services
All communication between your Striim Cloud Console and your Striim for Snowflake instances is encrypted using Transport Layer Security (TLS) 1.2.
REST API
REST API keys are specific to individual users and not accessible to other users or Striim DevOps personnel. An audit trail tracks all actions taken through the API for each user.