SQLitePilot Security Measures
Understand how SQLitePilot secures passwords and enables secure connections.
Last updated: Dec 8, 2025
SQLitePilot was built to help teams inspect remote SQLite databases without exposing raw credentials. This guide explains the main protections in place and how you can make the most of them.
Secure tunnels for database access
- SSH-first architecture: every connection definition points to a remote host and database path but never requires opening SQL ports to the internet. SQLitePilot connects over SSH using your encrypted key, executes sqlite3 commands on the server, and streams back only the output.
- On-demand sessions: the dashboard connects only after you explicitly choose a connection and click Connect. Disconnecting tears down the tunnel immediately.
- Remote sqlite3 installer: if the remote host lacks sqlite3, SQLitePilot can run a guided installation via SSH (with your confirmation). This keeps you from having to expose the box in other ways.
Data handling and visibility
- Minimal storage: SQLitePilot does not ingest your full databases. Table previews and SQL results stream through the SSH tunnel and are shown live in the UI.
- SQL history audit: each successful command logs the query text, timestamp, and user ID so you can review who ran what. This helps with internal accountability.
Password and SSH key handling
- Client control: you bring your existing SSH private key, the same ~/.ssh/id_ed25519 or ~/.ssh/id_rsa file you already trust.
- AES-256-GCM encryption at rest: before the key leaves the browser, the key is securely encrypted.
- No public-key guessing: SQLitePilot never tries to generate or infer keys; you are always the source of truth.
- Hashed passwords: passwords are never stored in plain text. During registration SQLitePilot hashes the password before saving it. Login checks compare hashes rather than the original string.
What you can do
Here are some good practices you can follow to improve security:
- Rotate keys periodically: delete old SSH keys from Keys and upload fresh ones whenever teammates leave a project.
- Use strong passwords: the platform enforces a minimum length, but you can go further by using a password manager.
- Monitor history: keep an eye on the SQL Command History panel to catch unexpected changes early.
- Report suspicious activity: open Report a Bug if you see behavior that might indicate a security issue. Include timestamps and connection names so the team can investigate quickly.
These layers ensure SQLitePilot keeps credentials safe, sessions isolated, and remote database access tightly controlled while still giving you the convenience of a browser-based tool.