Skip to main content

Encryption

LayerStandard
Credentials at restAES-256
Data in transitTLS 1.3
All credentials are encrypted with AES-256 before storage. They are never stored in plain text or logged. All data transfers use TLS 1.3, and connections to your destination use the strongest available encryption.

Minimal Permissions per Destination

Always create a dedicated user with the minimum permissions required:
DestinationRecommended Permissions
PostgreSQLCREATE TABLE, INSERT, UPDATE on target schema
MongoDBreadWrite role on target database
ElasticsearchWrite access to target index (or index creation privileges)
AlgoliaAdmin API Key with write access to target index
MeilisearchMaster key or admin key with write access
Never use root/superuser credentials for outbound feeds. Create a dedicated user with only the permissions listed above.

IP Whitelisting

For maximum security, restrict inbound connections to your destination to only Jobo’s IP addresses.
Contact support to get the current IP range for whitelisting. We recommend keeping your whitelist up to date and reviewing it periodically.
This applies to:
  • PostgreSQL pg_hba.conf or cloud firewall rules
  • MongoDB Atlas Network Access list
  • Elasticsearch cluster security groups
  • Any self-hosted destination behind a firewall

Best Practices

1

Use dedicated credentials

Create a separate database user with minimal permissions for the Jobo feed. Never share credentials with other applications.
2

Enable TLS

Always use encrypted connections (ssl_mode: require for PostgreSQL, mongodb+srv:// for MongoDB, HTTPS for search engines).
3

Restrict network access

Whitelist only Jobo’s IP addresses in your firewall rules. Contact support for the current IP range.
4

Rotate credentials regularly

Periodically rotate passwords and API keys, then update the feed configuration. This limits the blast radius of any credential leak.