We are excited to announce the release of JumpWire’s Community Edition, an open-source database gateway‼️
Community Edition features
- Access databases using SSO — Give your developers a magic-link login to production databases, no more individual password sharing!
- Grant privileges on types, not schemas — Let anyone access production without seeing customer PII.
- Encrypt sensitive stuff — Stop worrying that a database backup or dump will leak all your sensitive data.
- Block secrets from leaving a database — Passwords and credit-card numbers should (almost) never be returned in query results.
A database gateway is similar to an API gateway but for database requests - it’s a reverse proxy that sits in front of databases and consolidates cross-cutting security concerns, such as access control, query routing, encryption and logging/auditing. By using a gateway, dev teams can add non-native security features to popular databases without re-architecting their entire backend. Security teams can ensure that data access is centrally managed and access policies are being uniformly enforced.
As engineers, William and Ryan have a bias towards being open-source. But we resisted the urge until we could articulate the persona for an open-source version. Since our initial product focused only on data encryption, being honest with ourselves meant there wasn’t a use case that made sense for individual teams or small companies.
So why open source now? Our product capabilities have expanded - working with design partners, we found that teams who manage their own databases lack tools for controlling access. It’s a perfect opportunity for us to carve out an awesome core of our product (gateway/proxy host) and offer it to the community.
Unlike other access tools that connect at the network level, JumpWire implements native database protocols so that people and apps can connect directly to JumpWire without needing additional software. This means you can drop JumpWire in front of your database without making any other changes!
JumpWire enforces privilege rules based on types of data, as opposed to table and column names. This minimizes canceled queries, as people remain free to select columns that don’t contain restricted data types. Data types are labeled automatically by JumpWire, or through manual configuration.
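The rule described above, modeled as an added example; this is not JumpWire's code or configuration format. The label names `pii` and `secret`, the two detectors, the sample schema and the policy are all constructed assumptions, and a query is represented simply as the list of (table, column) pairs it selects.

```python
import re

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
CARD = re.compile(r"\d{13,19}")

def luhn_ok(digits):
    """Checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def is_card(value):
    digits = re.sub(r"[ -]", "", value)
    return bool(CARD.fullmatch(digits)) and luhn_ok(digits)

def detect_labels(samples):
    """Label a column from sampled values; every non-empty sample must match."""
    values = [v for v in samples if v]
    labels = set()
    if values and all(EMAIL.fullmatch(v) for v in values):
        labels.add("pii")
    if values and all(is_card(v) for v in values):
        labels.add("secret")
    return labels

def label_schema(samples_by_column, manual=None):
    """Map (table, column) -> labels; manual configuration overrides detection."""
    labels = {col: detect_labels(vals) for col, vals in samples_by_column.items()}
    labels.update(manual or {})
    return labels

def restricted_columns(query_columns, schema_labels, denied_labels):
    """Columns in a query that carry a denied label; an empty list means allow."""
    return [c for c in query_columns if schema_labels.get(c, set()) & denied_labels]

# Constructed sample data: the column names give no hint of their contents.
SAMPLES = {
    ("users", "id"): ["1", "2"],
    ("users", "contact"): ["ana@example.com", "bo@example.org"],
    ("users", "plan"): ["free", "pro"],
    ("payments", "card"): ["4111 1111 1111 1111", "5555-5555-5555-4444"],
    ("payments", "amount"): ["1200", "999"],
}
MANUAL = {("users", "notes"): {"pii"}}  # free text the detectors cannot classify
LABELS = label_schema(SAMPLES, MANUAL)
DENIED = {"pii", "secret"}  # hypothetical policy for a developer role
```

A query over `users.id` and `users.plan` passes untouched, while adding `users.contact` is flagged because of what the column holds, not what it is called.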
The gateway comes secured by default: it integrates with secret vaults, ensures TLS, and issues certificates.
We also have an enterprise offering with privilege escalation workflows (for on-call teams) and advanced audit features.
We publish a Docker image that can be deployed to any cloud environment in minutes! Check out the installation instructions for a quick setup.
We’ve also written detailed walkthroughs for common deployment scenarios, such as running on Kubernetes or setting up an RDS bastion gateway.
We are very grateful for the wonderful YC partners and community, who continue to be a source of support and encouragement.