Elgato_dark/ToolJet
1
0
Fork 0
mirror of https://github.com/ToolJet/ToolJet synced 2026-04-21 21:47:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
ToolJet/docs/versioned_docs/version-2.68.0/security.md
Aman Regu bdfe3270e2
[docs]: v2.68.0-Beta (#10755) 
* docs: jira

* docs: formatting + Client Credentials grant type

* docs: connection string pgsql

* docs: parameterized queries mysql

* docs: parameterized queries in PostgreSQL

* docs: update mysql example

* docs: TJDB sql editor

* docs: add metadata to REST API

* docs: add, update  postgresql media

* docs: add metadata to graphql

* docs: update parameterized queries

* docs: add parameterized queries for mssql

* docs: add SSL Cert to mysql

* docs: TJDB SQL restricted commands

* docs: update JIRA token location

* docs: update delete issue example

* docs: update find user by query example

* docs: remove session id from get assignable users

* docs: use correct image for get issues for board

* docs: update create issue example

* docs: update delete issue media

* docs: update assignable users media

* docs: update examples

* docs: update key desc

* docs: v2.68.0-Beta
2024-09-13 19:23:19 +05:30

2.2 KiB
Raw Blame History

id title slug
security Security /security

Security

Uncompromised Data Security with SOC 2 Compliance

With SOC 2 compliance, ToolJet ensures the highest level of data security. The adherence to SOC 2 standards mirrors the rigorous data protection measures in place, covering everything from encryption to robust access controls. It also guarantees a consistent level of service availability and process integrity, instilling confidence in our customers and stakeholders about the safe handling of their sensitive information.

Data Storage

ToolJet does not store data returned from your data sources. ToolJet server acts as a proxy and passes the data as it is to the ToolJet client. The credentials for the data sources are handled by the server and never exposed to the client. For example, if you are making an API request, the query is run from the server and not from the frontend.

Datasource Credentials

All the datasource credentials are securely encrypted using aes-256-gcm. The credentials are never exposed to the frontend ( ToolJet client ).

Other Security Features

  • TLS: If you are using ToolJet cloud, all connections are encrypted using TLS. We also have documentation for setting up TLS for self-hosted installations of ToolJet.
  • Audit logs: Audit logs are available on the enterprise edition of ToolJet. Every user action is logged along with the IP addresses and user information.
  • Request logging: All the requests to server are logged. If self-hosted, you can easily extend ToolJet to use your preferred logging service. ToolJet comes with built-in Sentry integration.
  • Whitelisted IPs: If you are using ToolJet cloud, you can whitelist our IP address (34.86.81.252) so that your datasources are not exposed to the public.
  • Backups: ToolJet cloud is hosted on AWS using EKS with autoscaling and regular backups.

If you notice a security vulnerability, please let the team know by sending an email to security@tooljet.com.