Secure Data Flow

Yuki's network design guarantees protected communications and comprehensive traceability throughout query processing. Data exchanges among customer systems, the Yuki Proxy, the Yuki Engine, and Snowflake are encrypted and authenticated.

Secure data flow diagram

Authentication and Authorization

Initial operations use temporary tokens managed through Snowflake's native user and role structure.

  1. The BI platform sends an authentication request to Snowflake via the Yuki Proxy
  2. The Proxy transparently routes the request to Snowflake
  3. Snowflake manages authentication while preserving existing users, roles, and permissions

Each operation within Yuki services is authenticated and authorized using temporary tokens that can be invalidated upon request.

Query Encryption and Transmission

The Proxy applies SHA-256 encryption to query text, with keys stored in the customer's secret-management service. Encrypted queries travel securely over HTTPS using JWT tokens for Proxy–Engine authentication.
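The following is an added example, not Yuki's code, covering the revocable temporary tokens and the Proxy–Engine JWT step described above. SHA-256 is a hash function, so the sketch assumes the keyed step is an HMAC-SHA-256 digest of the query text; the key values, the `qd` claim name, the 60-second lifetime and the in-memory revocation set are all hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed sample keys; in practice these would be read from a secret manager.
QUERY_KEY = b"constructed-query-key"
JWT_KEY = b"constructed-jwt-key"
REVOKED_JTI = set()  # token ids invalidated on request (hypothetical store)

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def query_digest(sql: str) -> str:
    """Keyed SHA-256 (HMAC) of the query text: a one-way fingerprint, not ciphertext."""
    return hmac.new(QUERY_KEY, sql.encode(), hashlib.sha256).hexdigest()

def issue_token(sql: str, jti: str, now: float, ttl: int = 60) -> str:
    """Proxy side: short-lived HS256 JWT bound to the query digest."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"jti": jti, "iat": int(now), "exp": int(now) + ttl,
              "qd": query_digest(sql)}  # "qd" is a hypothetical claim name
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(JWT_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"

def verify_token(token: str, now: float) -> dict:
    """Engine side: check signature, pinned algorithm, expiry and revocation."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(JWT_KEY, f"{header}.{body}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison before any claim is trusted.
        if not hmac.compare_digest(expected, b64u_decode(sig)):
            raise ValueError("bad signature")
        if json.loads(b64u_decode(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        claims = json.loads(b64u_decode(body))
    except (ValueError, TypeError) as exc:  # malformed or tampered token
        raise ValueError(f"rejected: {exc}") from None
    if now >= claims["exp"]:
        raise ValueError("rejected: expired")
    if claims["jti"] in REVOKED_JTI:
        raise ValueError("rejected: revoked")
    return claims
```

Because the digest is one-way, the receiving side can match or log a query fingerprint but cannot recover the query text from it.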

Compute Resource Allocation

The Engine analyzes workload and recommends appropriate warehouse resources. The Proxy adjusts session parameters and forwards queries to Snowflake.

Query Execution and Result Retrieval

Snowflake processes queries under configured roles. Results return through the Proxy to the BI platform. Yuki retains no user data or query content post-execution.

Encryption in Transit

End-to-end HTTPS encryption protects all communication between Yuki components, using strong TLS standards on every connection.

Deployment Options

The same security principles apply across all deployment models:

  • Customer-hosted Proxy
  • Yuki-managed (SaaS)
  • AWS PrivateLink