Secure Data Flow

Yuki’s network architecture ensures secure communication, data confidentiality, and full traceability across every stage of the query lifecycle. All data exchanges between customer systems, the Yuki Proxy, the Yuki Engine, and Snowflake are encrypted, authenticated, and monitored.

Figure: Secure Data Flow (Customer-Hosted Proxy Deployment). For Yuki-managed or PrivateLink deployments, the same principles apply.

Authentication and Authorization

Each operation within Yuki services is authenticated and authorized using temporary tokens that can be invalidated upon request. Authentication integrates directly with Snowflake, ensuring that users and roles remain unchanged and continue to be managed within the customer’s Snowflake account.

Initial Authentication Process

  1. The BI platform initiates an authentication (AUTH) request to Snowflake through the Yuki Proxy.

  2. The Proxy recognizes the request and transparently forwards it to Snowflake.

  3. Snowflake handles authentication, preserving all existing users, roles, and permissions.


Query Encryption and Transmission

For each query executed through Yuki:

  • The Yuki Proxy encrypts the query text using the SHA-256 protocol.

  • The encryption key is stored within the customer’s secret-management service or supported key-management system.

  • The encrypted query is transmitted securely to the Yuki Engine over HTTPS.

  • Authentication between the Proxy and Engine uses JWT tokens.

This ensures the confidentiality and integrity of all queries in motion.
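
The JWT authentication between Proxy and Engine, together with the temporary tokens that can be invalidated on request, can be pictured with the following added example. It is not Yuki's code: the HS256 algorithm, the claim names, the `jti` denylist, and the function names are assumptions, since this page does not specify the token format.

```python
import base64, hashlib, hmac, json

# Constructed sample values; a real key would come from a secret manager.
SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"
SAMPLE_NOW = 1_700_000_000  # fixed clock so the example is deterministic

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key: bytes, signing_input: str) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def mint(key, sub, jti, ttl, now):
    """Caller side (hypothetical): issue a short-lived HS256 token."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps(
        {"sub": sub, "jti": jti, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64e(sign(key, header + '.' + claims))}"

def verify(key, token, revoked, now):
    """Receiver side (hypothetical): return the claims or raise ValueError."""
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header, sig = json.loads(b64d(header_b64)), b64d(sig_b64)
    except Exception:
        raise ValueError("malformed token") from None
    # Pin the algorithm; never let the token pick it (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig, sign(key, header_b64 + "." + claims_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))  # parsed only after the signature checks out
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("jti") in revoked:  # invalidated on request, before natural expiry
        raise ValueError("revoked")
    return claims

if __name__ == "__main__":
    tok = mint(SAMPLE_KEY, "proxy-01", "tok-1", 300, SAMPLE_NOW)
    print(verify(SAMPLE_KEY, tok, set(), SAMPLE_NOW + 10))
```

The denylist only needs to hold a `jti` until that token's `exp` passes, so short lifetimes keep the revocation state small.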


Compute Resource Allocation

After receiving the encrypted query, the Yuki Engine analyzes the workload and responds to the Proxy with the most appropriate compute resource (warehouse) for execution. The Proxy then:

  • Adjusts session parameters according to the Engine’s recommendation.

  • Forwards the query to Snowflake for execution using the specified resource.


Query Execution and Result Retrieval

  • Snowflake executes the query under the same roles and privileges configured in the customer’s environment.

  • Results are returned to the Yuki Proxy, which forwards them to the BI platform for display and analysis.

  • No user data or query content is stored by Yuki during or after this process.


Encryption in Transit

All communication between Yuki components and external systems is protected with end-to-end encryption:

  • All data transmission occurs over HTTPS with strong protocol, key-exchange, and cipher standards.

  • Both internet and intranet connections are encrypted and authenticated.

  • Encryption keys for transmission are managed by Yuki and protected according to its Encryption Policy.


Security Measures

To maintain secure operations across the network:

  • SHA-256 encryption ensures query confidentiality and integrity.

  • HTTPS and JWT authentication secure communication between Yuki Proxy and Yuki Engine.

  • Dynamic compute-resource allocation enhances both performance and data protection.

