Securing connections

Data is the core of your work in Deepnote — that's why we prioritize keeping it safe. Here's how to secure connections to your data and ensure end-to-end privacy.

Connecting to databases on private networks

You can choose one of two ways to authorize Deepnote to connect to your database. You can authorize the set of IP addresses that Deepnote uses to connect or you can connect using an SSH tunnel.

Authorizing Deepnote's IP addresses

Authorizing Deepnote's IP addresses is only available on the Team plan and the Enterprise plan, including the trial periods. Authorizing Deepnote's IP addresses is not available on the Education plan.

Deepnote has five fixed IP addresses you will need to authorize.

Here are quick-start guides for changing the firewall/security settings:

Using SSH to connect to your data

If you want to use SSH to securely connect to an integration without native SSH support (e.g., Metaflow, Chalk), or you need a long-lived SSH tunnel, refer to SSH key.

You can connect to selected data warehouses and database integrations via a secure SSH tunnel that is configurable in the Integrations menu. Deepnote automatically generates a public SSH key for your workspace that you can add to the authorized keys file (~/.ssh/authorized_keys) on your SSH bastion.


If you query a database with SSH configured from an SQL block, Deepnote will automatically create an SSH tunnel.

The following integrations support SSH tunnels:

  • PostgreSQL
  • Microsoft SQL Server
  • Amazon Redshift
  • MongoDB
  • MySQL
  • ClickHouse
  • MindsDB
  • MariaDB

Workspace SSH key

Deepnote automatically generates an SSH private/public key pair for your workspace. The private key is stored securely in Deepnote and used when authenticating an SSH connection from an SQL block. The workspace SSH key is the same for all integrations within that workspace, simplifying deployment when multiple data sources are secured behind the same bastion.

Encrypting your connections with SSL

All database and warehouse integrations support encrypted connections via SSL to make sure your data travels safely over the internet.

Fully managed data warehouses such as Snowflake, Google BigQuery, and Amazon Redshift will have SSL enabled by default. Databases such as Postgres, MySQL, and Microsoft SQL Server may require additional configuration.

By default, Deepnote will always connect using the preferred mode. It will try to use SSL if the database is configured to use it, but it will fall back to an unencrypted connection if not.

To make sure SSL is used, enable the setting when creating a new integration or editing an existing one. This will put the connection in required mode. In this state, encryption is enforced but the certificate of the server is not validated. If the database is not configured to use SSL, the connection will fail.


To run in strict mode, you can upload a CA Certificate for your database or warehouse. We'll verify that the server's certificate is valid.
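
Before switching a PostgreSQL integration from preferred to required or strict mode, you can check what the server actually offers. The following is an added example, not Deepnote's code: it sends the PostgreSQL SSLRequest message, optionally validates the server certificate against your CA file, and reports what each of the three modes described above would do. The function names and outcome labels are hypothetical, the behavior of preferred mode once TLS is negotiated is an assumption, and the probe applies to PostgreSQL only.

```python
import socket
import ssl
import struct

# PostgreSQL SSLRequest: int32 length (8) followed by int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)
MODES = ("preferred", "required", "strict")

def server_offers_tls(sock):
    """Send SSLRequest on a connected socket; True if the server answers 'S'."""
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply not in (b"S", b"N"):
        raise ValueError(f"unexpected reply to SSLRequest: {reply!r}")
    return reply == b"S"

def expected_outcome(mode, offers_tls, cert_verifies):
    """Model of the three modes described above (not Deepnote's code)."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if not offers_tls:
        # Only preferred mode falls back; required and strict refuse.
        return "plaintext" if mode == "preferred" else "fail"
    if mode == "strict":
        return "tls-verified" if cert_verifies else "fail"
    # required: encrypted, certificate not validated (per the page).
    # preferred: assumed to behave the same once TLS is negotiated.
    return "tls-unverified"

def probe(host, port=5432, cafile=None, timeout=5.0):
    """Report what each mode would do against a live PostgreSQL server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        offers = server_offers_tls(sock)
        verifies = False  # stays False without a CA file: strict needs one
        if offers and cafile:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            ctx.load_verify_locations(cafile=cafile)
            # Assumption: chain validation only; the page does not say
            # whether strict mode also checks the hostname.
            ctx.check_hostname = False
            try:
                with ctx.wrap_socket(sock):
                    verifies = True
            except (ssl.SSLError, OSError):
                verifies = False
    return {m: expected_outcome(m, offers, verifies) for m in MODES}
```

Call `probe("db.internal.example", cafile="ca.pem")` (placeholder host and file name) from a machine that can reach the database. A `plaintext` result for `preferred` means the default setting would connect without encryption.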