Working with files
Connecting to data sources
Coding and analysis tools
Security and privacy
Deepnote for education
Data is the core of your work in Deepnote — that's why we prioritize keeping it safe. Here's how to secure connections to your data and ensure end-to-end privacy.
Connecting to databases on private networks
You can choose one of two ways to authorize Deepnote to connect to your database. You can authorize the set of IP addresses that Deepnote uses to connect or you can connect using an SSH tunnel.
Authorizing Deepnote's IP addresses
Authorizing Deepnote's IP addresses is only available on the Team plan and the Enterprise plan, including the trial periods. Authorizing Deepnote's IP addresses is not available on the Education plan.
Deepnote has five fixed IP addresses you will need to authorize.
18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206
Here are quick-start guides for changing the firewall/security settings:
Using SSH to connect to your data
You can connect to selected data warehouses and database integrations via a secure SSH tunnel that is configurable in the Integrations menu. Deepnote automatically generates a public SSH key for your workspace that you can add it to the authorized keys file (
~/.ssh/authorized_keys) on your SSH bastion.
If you query a database with SSH configured from an SQL block, Deepnote will automatically create an SSH tunnel.
The following Integrations support SSH tunnels:
- Microsoft SQL Server
- Amazon Redshift
Workspace SSH key
Deepnote automatically generates an SSH private/public key pair for your workspace. The private key is stored securely in Deepnote and used when authenticating an SSH connection from an SQL block. The workspace SSH key is the same for all integrations within that workspace, simplifying deployment when multiple data sources are secured behind the same bastion.
Encrypting your connections with SSL
All database and warehouse integrations support encrypted connections via SSL to make sure your data travels safely over the internet.
Fully managed data warehouses such as Snowflake, Google BigQuery, and Amazon Redshift will have SSL enabled by default. Databases such as Postgres, MySQL, and Microsoft SQL Server may require additional configuration.
By default, Deepnote will always connect using the
preferred mode. It will try to use SSL if the database is configured to use it, but it will fall back to an unencrypted connection if not.
To make sure SSL is used, enable the setting when creating a new integration or editing an existing one. This will put the connection in
required mode. In this state, encryption is enforced but the certificate of the server is not validated. If the database is not configured to use SSL, the connection will fail.
To run in
strict mode, you can upload a CA Certificate for your database or warehouse. We'll verify that the server's certificate is valid.