Sign inGet started

Getting started

Welcome to Deepnote
First steps

Working with files

Integrated file system
Shared datasets
Working with Jupyter notebooks
Importing code from GitHub

Connecting to data sources

Coding and analysis tools

Collaboration

Workspace permissions
Sharing a project
Real-time collaboration
Comments
Sharing and embedding blocks

Pricing

Plans and billing
Billing alerts and limits
Additional machine hours
Downgrading or canceling

Security and privacy

SSO & Directory sync
Audit log
Securing connections

Deepnote for education

Overview
Get free Education plan
For teachers
For students
FAQs

Additional resources

Support
Product portal
Acceptable use policy

Securing connections

Data is the core of your work in Deepnote — that's why we prioritize keeping it safe. Here's how to secure connections to your data and ensure end-to-end privacy.

Connecting to databases on private networks

You can choose one of two ways to authorize Deepnote to connect to your database. You can authorize the set of IP addresses that Deepnote uses to connect or you can connect using an SSH tunnel.

Authorizing Deepnote's IP addresses

Authorizing Deepnote's IP addresses is only available on the Team plan and the Enterprise plan, including the trial periods. Authorizing Deepnote's IP addresses is not available on the Education plan.

Deepnote has five fixed IP addresses you will need to authorize.

3.220.159.34
34.236.123.2
52.5.148.98
3.230.134.18
3.209.101.227

Here are quick-start guides for changing the firewall/security settings:

Using SSH to connect to your data

You can connect to selected data warehouses and database integrations via a secure SSH tunnel that is configurable in the Integrations menu. Deepnote automatically generates a public SSH key for your workspace that you can add it to the authorized keys file (~/.ssh/authorized_keys) on your SSH bastion.

ssh_db.png

If you query a database with SSH configured from an SQL block, Deepnote will automatically create an SSH tunnel.

The following Integrations support SSH tunnels:

  • PostgreSQL
  • Microsoft SQL Server
  • Amazon Redshift
  • MongoDB
  • MySQL
  • ClickHouse
  • MindsDB
  • MariaDB
  • Dremio
  • Trino

SSH Tunnel integration

The feature is available on the Enterprise plan.

The SSH Tunnel integration allows you to securely connect to resources on private networks. For example, you may want to connect to an experiment tracking tool (such as MLflow), a database without a native integration in Deepnote (such as Redis) or a feature store (such as feast) hosted in your network.

In order to use SSH to connect to SQL databases with a native integration in Deepnote we recommend using the integration setting.

When you connect the integration, the SSH tunnel starts in the background and it exposes the host and port that you can use to access your data. Here's an example along with a code that demonstrates how to use the SSH Tunnel integration to query a private API that provides daily candles for a given ticker.

ssh-tunnel-integration

import os
import requests

# Get the local host and port from environment variables
# Note – you may need to change the variable names as they contain the integration name
HOST = os.environ['MY_SSH_TUNNEL_LOCAL_HOST']
PORT = os.environ['MY_SSH_TUNNEL_LOCAL_PORT']

# Set up the URL for the API endpoint
url = f'http://{HOST}:{PORT}/daily-candles/XYZ'

# Make the API request
response = requests.get(url)

# Print the response content
print(response.content)

To find the environment variable names for your integration, you can open the three-dot menu of the integration in the right sidebar and click "How to use".

SSH.png

Workspace SSH key

Deepnote automatically generates an SSH private/public key pair for your workspace. The private key is stored securely in Deepnote and used when authenticating an SSH connection from an SQL block. The workspace SSH key is the same for all integrations within that workspace, simplifying deployment when multiple data sources are secured behind the same bastion.

Encrypting your connections with SSL

All database and warehouse integrations support encrypted connections via SSL to make sure your data travels safely over the internet.

Fully managed data warehouses such as Snowflake, Google BigQuery, and Amazon Redshift will have SSL enabled by default. Databases such as Postgres, MySQL, and Microsoft SQL Server may require additional configuration.

By default, Deepnote will always connect using the preferred mode. It will try to use SSL if the database is configured to use it, but it will fall back to an unencrypted connection if not.

To make sure SSL is used, enable the setting when creating a new integration or editing an existing one. This will put the connection in required mode. In this state, encryption is enforced but the certificate of the server is not validated. If the database is not configured to use SSL, the connection will fail.

required_ssl.png

To run in strict mode, you can upload a CA Certificate for your database or warehouse. We'll verify that the server's certificate is valid.

strict_ssl.png