In self-hosted airbyte, how are credentials (e.g. Snowflake password) stored? Can you point me to any places in the codebase

Hi Varun! As per the docs, "Airbyte stores the credentials (like API Keys and passwords) you provide in the Airbyte application database". Here is the full doc: https://docs.airbyte.com/operator-guides/security/#credential-management As a general rule we advice against exposing your OSS Airbyte instance to the public internet. Depending on where you are hosting it, there are different ways of securing it. Here's an article we released this August: https://airbyte.com/blog/improving-security-for-open-source-airbyte-users Let me know if you need more info!

@Varun Jain Airbyte builds requests using airbyte-server, which uses a config database (and secrets store), which is filled in by airbyte-config. Take a look at this file in our codebase: https://github.com/airbytehq/airbyte/blob/v0.40.14/airbyte-config/config-persisten[…]java/io/airbyte/config/persistence/SecretsRepositoryWriter.java

Thanks for the pointers, folks! I see there are plans to launch integrations with the cloud secret managers in the open source. Looks like GCP is launched and AWS is pending - is that right? Also, when the credentials are stored in the config database, are they stored as is or is there some addtional encryption applied on the server before writing to the db?

Hey @Varun Jain, yes at the moment GCP Is launched but AWS is pending. The credentials are encrypted as they are stored in the secret store. Feel free to browse the file I linked above to see for yourself. Hope this helps, feel free to ask more questions in the channel!