Note Meltano Cloud is currently in Alpha. Features and implementation details may change between Alpha and GA.

"Project secrets" are any credentials or secrets required for executing the project's ELT functions. Project secrets are encrypted using the customer organization's dedicated public encryption key before submitting to Meltano.

1. Project secrets will always be encrypted, in transit and at rest.
2. Meltano will never store your secrets in clear text.
3. Meltano engineers do not have access to directly decrypt your secrets.
4. The decryption key for project secrets will never leave AWS servers.
5. Our IAM policies only allow the decrypt action within containers that are running project workloads.

The algorithm for encrypting secrets is an RSA assymetric encryption, using 4096-bit keys.

More information is available on the AWS website:

• https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-rsa-encryption