DataFlow encryption reference
Database Type | Connector | Encryption on by default? | Notes | Supported JDBC options |
---|---|---|---|---|
MySQL |
JDBC |
No |
Can be configured through JDBC options |
clientCertificateKeyStoreUrl=file:///root/work/mysql-ssl/keystore.jks& clientCertificateKeyStorePassword=password123& trustCertificateKeyStoreUrl=file:///root/work/mysql-ssl/ca-cert.jks&trustCertificateKeyStorePassword=password123 |
Oracle |
JDBC |
No |
Can be configured through JDBC options |
oracle.net.encryption_client=REQUESTED; oracle.net.crypto_checksum_client=REQUESTED; oracle.net.encryption_types_client=AES256; oracle.net.crypto_checksum_types_client=SHA1 |
MariaDB |
JDBC |
No |
Can be configured through JDBC options |
useSSL=true&password=password123& trustStore=/root/works/mariadb-ssl/certificates/mariaDB_TrustStore.jks&trustStorePassword=pass123& keyStore=/root/works/mariadb-ssl/certificates/mariaDB_keystore.jks& keyStorePassword=password123 |
PostgreSQL |
JDBC |
No |
Can be configured through JDBC options |
ssl=true&sslmode=ver ify-ca&sslpassword=password123&sslcert=/root/work/postgress-ssl/postgres_ssl_keys/postgresql.crt&sslkey=/root/work/postgress-ssl/postgres_ssl_keys/postgresql.der&sslrootcert=/root/work/postgress-ssl/postgres_ssl_keys/root.crt |
MSSQL |
JDBC |
No |
Can be configured through JDBC options |
trustServerCertificate=false;trustStore=/root/work/sqlserver-ssl/sqlserver_cert/sqlservernew_trust.jks;trustStorePassword=password123;encrypt=true |
Cassandra |
JDBC |
No |
Can be configured through JDBC options |
sslclientcert=/root/work/cassandra/keystore.jks;sslclientcertpassword=password123;sslclientcerttype=JKS;usessl=true |
MongoDB |
JDBC |
No |
Can be configured through JDBC options |
sslclientcert=/root/work/mongodb/keystore.jks;sslclientcertpassword=password123;sslclientcerttype=JKS;usessl=true |
Hive |
JDBC |
No |
Available as an authentication type choice |
|
Presto |
JDBC |
No |
Available as an authentication type choice |
|
SAP Adaptive Server Enterprise |
JDBC |
No |
Can be configured through JDBC options |
Encryption=ssl;TrustedFile='/path/to/the/trusted/roots/file'; |
Netezza |
JDBC |
No |
Can be configured through JDBC options |
securityLevel=onlySecured;CaCertFile=file:///root/work/netezza-ssl/nz_cert_key/ca-cert.pem |
IBM DB2 |
JDBC |
No |
Can be configured through JDBC options |
sslConnection=true;trustStore=/root/work/db2-ssl/db2_cert/db2_trust.jks;trustStorePassword=password123 |
Snowflake |
JDBC |
Yes |
No configuration is required, by default Snowflake encrypts the data in transit. |
|
Amazon Redshift |
JDBC |
No |
Configuration is same as for PostgreSQL. If the server’s certificate is CA signed and the CA is already in trusted list, then no need to explicitly set a truststore, just |
|
Google BigQuery |
Native Java Driver |
Yes |
https://cloud.google.com/security/encryption-in-transit#end_user_internet_to_a_google_cloud_service https://cloud.google.com/security/encryption-in-transit#encryption_in_transit_by_default |
|
Azure Synapse |
JDBC |
Yes |
||
Teradata |
JDBC |
No |
EncryptData property has to be set to true as suggested here: https://teradata-docs.s3.amazonaws.com/doc/connectivity/jdbc/reference/current/jdbcug_chapter_2.html#URL_ENCRYPTDATA |
|
SAP HANA |
JDBC |
No |
Can be configured through JDBC options |
encrypt=true;trustStore=/<path>/<to>/truststore.jks;trustStoreType=JKS;trustStorePassword=<password of the JKS file>;hostNameInCertificate=<FQDN in the server certificate> |
SAP SQL Anywhere |
JDBC |
No |
Can be configured through JDBC options |
ENCRYPTION=TLS(FIPS=OFF;TRUSTED_CERTIFICATE=rsaroot.crt;ALLOW_EXPIRED_CERTS=ON;SKIP_CERTIFICATE_NAME_CHECK=ON;CERTIFICATE_NAME=MyCertificateName) |
Amazon Aurora |
JDBC |
No |
Can be configured through JDBC options |
sslMode=VERIFY_IDENTITY&trustCertificateKeyStoreUrl=file:///root/work/mysql-ssl/ca-cert.jks&trustCertificateKeyStorePassword=password123 |
Denodo |
JDBC |
No |
No parameters available for passing truststore explicitly, certificate is expected in the java default cacerts |
|
Databricks Delta Lake |
JDBC/DBFS CLI |
Yes |
No configuration is required, the default connection string provided by Databricks is with SSL enabled with its port on 443. The DBFS CLI internally uses REST with https endpoints |
|
MemSQL |
JDBC |
Yes for Managed Instance |
Option available in connection for on-premise MemSQL. Truststore details should be provided in connection |
|
Splunk |
JDBC |
No |
No additional configuration required from connection as long as the SSL Server certificate is present in the default java truststore.
For example, use: |
|
Salesforce |
JDBC |
No |
No additional configuration required from connection as long as the SSL Server certificate is present in the default java truststore.
For example, use: |