SQLitePilot Security Measures

Understand how SQLitePilot secures passwords and enables secure connections.

Last updated: Dec 8, 2025

SQLitePilot was built to help teams inspect remote SQLite databases without exposing raw credentials. This guide explains the main protections in place and how you can make the most of them.

Secure tunnels for database access

  • SSH-first architecture: every connection definition points to a remote host and database path but never requires opening SQL ports to the internet. SQLitePilot connects over SSH using your encrypted key, executes sqlite3 commands on the server, and streams back only the output.
  • On-demand sessions: the dashboard connects only after you explicitly choose a connection and click Connect. Disconnecting tears down the tunnel immediately.
  • Remote sqlite3 installer: if the remote host lacks sqlite3, SQLitePilot can run a guided installation via SSH (with your confirmation). This keeps you from having to expose the box in other ways.

Data handling and visibility

  • Minimal storage: SQLitePilot does not ingest your full databases. Table previews and SQL results stream through the SSH tunnel and are shown live in the UI.
  • SQL history audit: each successful command logs the query text, timestamp, and user ID so you can review who ran what. This helps with internal accountability.

Password and SSH key handling

  • Generated per connection: SQLitePilot creates a unique Ed25519 keypair when you create a connection.
  • No personal key upload: you never paste your own private key into the app.
  • AES-256-GCM encryption at rest: generated private keys are encrypted before storage.
  • Public-key install only: you copy the generated public key into your server's ~/.ssh/authorized_keys file.
  • Hashed passwords: passwords are never stored in plain text. During registration SQLitePilot hashes the password before saving it. Login checks compare hashes rather than the original string.
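
An added sketch of the key lifecycle described in this list, not SQLitePilot's own code: it generates a per-connection Ed25519 keypair in Node.js, seals the private key with AES-256-GCM, and emits the authorized_keys line. The function names, the 32-byte `masterKey`, the PKCS#8 serialization, and binding the connection ID as GCM associated data are assumptions.

```javascript
// Added illustration; not SQLitePilot's code. Names and record layout are assumptions.
const crypto = require('node:crypto');

// Encode one SSH wire-format "string": 4-byte big-endian length, then the bytes.
function sshString(buf) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(buf.length);
  return Buffer.concat([len, buf]);
}

// Build the authorized_keys line for a raw 32-byte Ed25519 public key.
function toAuthorizedKeysLine(rawPub, comment) {
  const blob = Buffer.concat([sshString(Buffer.from('ssh-ed25519')), sshString(rawPub)]);
  return `ssh-ed25519 ${blob.toString('base64')} ${comment}`;
}

// Generate a keypair for one connection and seal the private key for storage.
// masterKey: 32 bytes held outside the database (assumption: env var or KMS).
function createConnectionKey(masterKey, connectionId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const rawPub = Buffer.from(publicKey.export({ format: 'jwk' }).x, 'base64url');
  const pkcs8 = privateKey.export({ format: 'der', type: 'pkcs8' });
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, nonce);
  cipher.setAAD(Buffer.from(connectionId)); // ties the ciphertext to this connection
  const ciphertext = Buffer.concat([cipher.update(pkcs8), cipher.final()]);
  return {
    authorizedKeysLine: toAuthorizedKeysLine(rawPub, `connection-${connectionId}`),
    sealed: { nonce, ciphertext, tag: cipher.getAuthTag() }, // only this is stored
  };
}

// Decrypt a stored key. Throws if the record was modified or was sealed
// for a different connection ID, because the GCM tag no longer verifies.
function openConnectionKey(masterKey, connectionId, sealed) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', masterKey, sealed.nonce);
  decipher.setAAD(Buffer.from(connectionId));
  decipher.setAuthTag(sealed.tag);
  const pkcs8 = Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
  return crypto.createPrivateKey({ key: pkcs8, format: 'der', type: 'pkcs8' });
}
```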

What you can do

Here are some good practices you can follow to improve security:

  1. Rotate keys periodically: recreate sensitive connections so SQLitePilot issues fresh per-connection keypairs.
  2. Use strong passwords: the platform enforces a minimum length, but you can go further by using a password manager.
  3. Monitor history: keep an eye on the SQL Command History panel to catch unexpected changes early.
  4. Report suspicious activity: open Report a Bug if you see behavior that might indicate a security issue. Include timestamps and connection names so the team can investigate quickly.

These layers ensure SQLitePilot keeps credentials safe, sessions isolated, and remote database access tightly controlled while still giving you the convenience of a browser-based tool.