Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 21:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/docs/versioned_docs/version-2.29.0/security.md
Abhinaba Adhikari fe086ac96c
Add new templates (#8907) 
* update whitelist IP address and add warning in workspace constants to avoid usage in the client

* [docs] platform milestone 11 (#8847)

* [docs]reset password

* [docs]edit+archive flow

* [docs]updated docs in v2.29 and v2.30

* [docs]github ssouserinfo

* [docs] openid - id_token_encrypted

* Change docker image build's slack message

* [docs]archive/unarchive workspaces:superadmin (#8880)

* mention that workspace constants will not work with workspace constants (#8887)

* update release notes and project overview sidebar (#8884)

* add rgba example for timeline doc (#8892)

* update commands and solution for migration issues

* minor grammar fix

* [docs] revamped how-to guides (#8688)

* [docs]revamped howto: serverside pagination

* [docs]revamp howto: import ext. js libs

* [docs]revamp howto:run actions from js query

* [docs]revamp howto: intentionally fail js query

* updated run query at specified

* revamped how to: use to_py

* [docs]updated how to access users location

* updated howtos in v2.30

* Add new templates - batch 3

---------

Co-authored-by: Karan Rathod <karan.altcampus@gmail.com>
Co-authored-by: Adish M <44204658+adishM98@users.noreply.github.com>
Co-authored-by: Shubhendra Singh Chauhan <withshubh@gmail.com>
Co-authored-by: Adish M <adish.madhu@gmail.com>
Co-authored-by: Akshay <akshaysasidharan93@gmail.com>
2024-02-29 11:56:03 +05:30

2 KiB
Raw Blame History

id title slug
security Security /security

Security

Uncompromised Data Security with SOC 2 Compliance

With SOC 2 compliance, Tooljet ensures the highest level of data security. The adherence to SOC 2 standards mirrors the rigorous data protection measures in place, covering everything from encryption to robust access controls. It also guarantees a consistent level of service availability and process integrity, instilling confidence in our customers and stakeholders about the safe handling of their sensitive information.

Data storage

ToolJet does not store data returned from your data sources. ToolJet server acts as a proxy and passes the data as it is to the ToolJet client. The credentials for the data sources are handled by the server and never exposed to the client. For example, if you are making an API request, the query is run from the server and not from the frontend.

Datasource credentials

All the datasource credentials are securely encrypted using aes-256-gcm. The credentials are never exposed to the frontend ( ToolJet client ).

Other security features

  • TLS: If you are using ToolJet cloud, all connections are encrypted using TLS. We also have documentation for setting up TLS for self-hosted installations of ToolJet.
  • Audit logs: Audit logs are available on the enterprise edition of ToolJet. Every user action is logged along with the IP addresses and user information.
  • Request logging: All the requests to server are logged. If self-hosted, you can easily extend ToolJet to use your preferred logging service. ToolJet comes with built-in Sentry integration.
  • Whitelisted IPs: If you are using ToolJet cloud, you can whitelist our IP address (34.86.81.252) so that your datasources are not exposed to the public.
  • Backups: ToolJet cloud is hosted on AWS using EKS with autoscaling and regular backups.

If you notice a security vulnerability, please let the team know by sending an email to security@tooljet.com.