When you first connect your database to our system, Locusive will automatically read your database's schema and record it in our own database. Note that we do not read any of your data; we simply take a snapshot of the tables and columns in your database and record them so we can provide that schema as context to an LLM down the line.
When we receive a request from one of your approved users, we'll then use an LLM to determine the best action to take on your connected data sources to answer that request. If the LLM determines that it needs to run a SQL query on your existing database, it will use your securely stored credentials to access your database and run a read-only query against the data in your system. It then takes that data and uses it to answer your user's request, or it combines that data with any other data sources it needs to access in order to respond to your users.
In order to ensure the LLM can properly respond to your users' requests, we refresh our records of your database schema on a daily basis, but you can also refresh your schema yourself manually if you need to get a more immediate answer. You can always see the list of tables that our system knows about by going to the "Database" integration page on your Locusive account.
In order to ensure your data is always secure, you can whitelist our system's public IP address. Our system will always use that IP address to access your database. In addition, we use symmetric key encryption to store your database credentials in an encrypted format. Every organization created on Locusive receives their own encryption key, which is stored in a secure secrets manager. When you first set up your database credentials, we use your specific secret key to encrypt your credentials and store them in a system that's separate from the secrets manager. When our system determines it needs to run a query on your database, it securely fetches the secret key, uses it to decrypt your database credentials in a one-time operation, and connects to your database using the decrypted connection information.
All data is transmitted securely with TLS and your unencrypted database credentials are never stored anywhere.
Our system also only runs SELECT statements against your database.
We will also be implementing monitors for malicious and banned topics to protect against prompt injections, rogue queries, or unintended side effects.
Finally, to increase security, we recommend that you create a clone of your master database that is used as a replica of your primary production system, and that you create a read-only user for Locusive to use to access your system.
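One way to set up the read-only user recommended above, as an added example that is not Locusive's own code. It assumes PostgreSQL; the role name `locusive_ro`, the database `appdb`, the schema `public` and the password are placeholders.

```sql
-- Added example; assumes PostgreSQL, run as a superuser or the database owner.
-- locusive_ro, appdb, public and the password are placeholders.

-- 1. Login role with no administrative attributes.
CREATE ROLE locusive_ro WITH LOGIN PASSWORD 'REPLACE_WITH_GENERATED_SECRET'
    NOSUPERUSER NOCREATEDB NOCREATEROLE NOREPLICATION
    CONNECTION LIMIT 5;

-- 2. Allow it to connect and to resolve names in one schema only.
GRANT CONNECT ON DATABASE appdb TO locusive_ro;
GRANT USAGE ON SCHEMA public TO locusive_ro;

-- 3. Read access to existing tables, and to tables created later by the
--    role that runs this statement (default privileges are per-creator).
GRANT SELECT ON ALL TABLES IN SCHEMA public TO locusive_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
    GRANT SELECT ON TABLES TO locusive_ro;

-- 4. Before PostgreSQL 15 every role could create objects in "public"
--    through the PUBLIC pseudo-role. Revoking it affects all roles, so
--    check that nothing else relies on it first.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 5. Guard rails, not a security boundary: a session can change both
--    settings, so the grants above are what actually enforce read-only.
ALTER ROLE locusive_ro SET default_transaction_read_only = on;
ALTER ROLE locusive_ro SET statement_timeout = '30s';

-- 6. Check: this should return no rows. Any row is a table the role can
--    modify, whether directly, through role membership or through PUBLIC.
SELECT schemaname, tablename
FROM pg_tables
WHERE schemaname = 'public'
  AND has_table_privilege(
        'locusive_ro',
        format('%I.%I', schemaname, tablename),
        'INSERT, UPDATE, DELETE, TRUNCATE');
```

If the replica is a physical streaming replica, run these statements on the primary; roles and grants replicate to the standby, which itself rejects writes.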