🔌 Managing Connectors

Our library of connectors, AnyConnect™, offers a seamless integration to external data providers, enabling you to leverage data from your systems for Toucan visualizations. The library is specifically designed to connect to the most widely used and modern databases and data warehousing tools available in the market.

We provide two types of connectors:

  1. Generic Connectors: These connectors allow you to connect to multiple data sources, but they require advanced configuration to establish the connection.

  2. Specific Connectors: Built for individual data sources, these connectors feature a user-friendly interface that only requires the relevant information for authentication and establishing a connection to the specific data source.

🔒 Security

Security is a core priority in how we interface with your data systems:

  • Read-Only Access: We operate in a non-intrusive way, only reading data. We do not have the ability to write, modify, or administer your data sources.

  • Least Privilege Principle: We strongly recommend using a read-only account when configuring a connection. This minimizes potential risk and aligns with best practices for access control.

  • Encrypted Connections: All data communications between Toucan and your source systems are encrypted. Connections with databases use secure protocols, and all interactions with the Toucan platform go through HTTPS.

  • Certificate Management: By default, we support trusted certificates. If needed, it is also possible to configure a custom certificate chain for some connectors.

  • No Persistent Live Data Storage: Data is not stored at rest unless explicitly configured in stored mode. In its default behavior, AnyConnect™ streams data only for immediate use in visualizations. See Stored and Live Datasets for more information.

  • Secrets Management: All secret fields related to your connectors are stored in a vault, using HashiCorp Vault.

Access to a workspace's secrets is handled as follows:

  • To access a workspace's secrets, the dataset service checks whether it has a valid token for the given workspace and generates one if needed via Kubernetes authentication. Tokens are valid for one hour and are only stored in memory.

  • A token only allows access to the secrets of a single workspace, which ensures that access to each workspace's secrets is segregated.
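
A small in-memory model of the token handling described above, added here as an illustration and not Toucan's own code. `FakeSecretStore`, `WorkspaceTokenCache` and the workspace names are hypothetical, and the store's `login` stands in for the Kubernetes authentication step.

```python
import secrets
import time

TOKEN_TTL = 3600  # seconds; the page states tokens are valid for one hour


class FakeSecretStore:
    """Constructed stand-in for the secret backend: issues workspace-scoped tokens."""

    def __init__(self, data):
        self._data = data      # {workspace: {field: secret}}, constructed sample data
        self._scopes = {}      # token -> workspace it was issued for
        self.logins = 0        # counts authentication round trips

    def login(self, workspace):
        self.logins += 1
        token = secrets.token_urlsafe(16)
        self._scopes[token] = workspace
        return token

    def read(self, token, workspace, field):
        # Segregation check: a token only opens the workspace it was issued for.
        if self._scopes.get(token) != workspace:
            raise PermissionError(f"token not valid for workspace {workspace!r}")
        return self._data[workspace][field]


class WorkspaceTokenCache:
    """Keeps one token per workspace in process memory and renews it on expiry."""

    def __init__(self, store, clock=time.monotonic):
        self._store = store
        self._clock = clock
        self._tokens = {}      # workspace -> (token, expires_at); never persisted

    def token_for(self, workspace):
        cached = self._tokens.get(workspace)
        # Authenticate only when there is no token yet or the cached one has expired.
        if cached is None or self._clock() >= cached[1]:
            token = self._store.login(workspace)
            cached = (token, self._clock() + TOKEN_TTL)
            self._tokens[workspace] = cached
        return cached[0]

    def secret(self, workspace, field):
        return self._store.read(self.token_for(workspace), workspace, field)
```

Passing a fake `clock` makes the one-hour expiry testable without waiting.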
