# Connecting via SSH

## Data Security at Airbook

At Airbook, we understand the importance of data security. Our servers employ default encryption to safeguard your data. We store sensitive information, like database credentials and SQL query outputs, using the robust Google Cloud Platform’s (GCP) Secret Key Manager, ensuring stringent access control. Moreover, our API interactions are fortified with HTTPS protocol, guaranteeing encryption of data in transit and protection against unauthorized access.

**Enhancing Your Data Privacy**

While we provide a secure environment, there are additional steps you can take to further boost your data privacy:

#### **Creating a Dedicated User Account in your Database**

For more granular control, consider setting up a dedicated Airbook user account in your Database environment. This allows you to:

* Assign specific access rights to Airbook, refining its database interactions.
* Establish limited database views accessible by the Airbook user.
* Utilize audit logging for detailed monitoring of all Airbook-executed queries.

### How to Connect Your Database to Airbook

If you opt for the dedicated user account approach, you’ll need to configure an SSH Tunnel to enable Airbook to query your Database. This involves a one-time setup of a Virtual Machine (VM) within your Virtual Private Cloud (VPC) and installing the AlloyDB Auth Proxy on this VM, often referred to as a "bastion." This bastion should be configured with a port (typically port 22 for SSH) that is accessible to Airbook.

### Step-by-Step Guide to Connect AlloyDB to Airbook

1. **Create a Bastion VM in GCP:** Set up a Virtual Machine to act as your bastion within the Google Cloud Platform.
2. **Install Database Auth Proxy:** Configure the AlloyDB authentication proxy on the bastion VM.
3. **Generate SSH Keypair:** Airbook will generate an SSH keypair for your workspace. You can find the public key on your integrations page and should copy it for later use.
4. **Set Up Service Account and User on Bastion:** Create a service account for Airbook within GCP and a new user on the bastion linked to this service account. Log in as this user and add the copied public key as an authorized SSH key.
5. **Configure your Database in Airbook:**
   * In the SSH section, input the host and port details of your VM, and the user name under which you added the SSH key.
   * In the Database section, enter the host and port of the AlloyDB Auth Proxy and the name of your AlloyDB database. Defaults are usually 127.0.0.1 and 5432.
   * Finally, provide the Username and Password of the AlloyDB user you’ve created for Airbook.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.airbook.io/connect/connecting-via-ssh.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.