Securing your data in watsonx Code Assistant

To ensure that you can securely manage your data when you use watsonx Code Assistant, it is important to know what data is stored and encrypted and how you can delete any stored data. Depending on your security requirements, you can encrypt data with customer-managed keys by integrating with IBM Cloud key management services. Such services include Key Protect, which supports the bring-your-own-key (BYOK) method, or Hyper Protect Crypto Services, which supports the keep-your-own-key (KYOK) method.

Securing your IDE extension setup

watsonx Code Assistant

Developers should follow the instructions for their IDE to secure the setup of the watsonx Code Assistant IDE extension.

For more information, see:

Securing extension setup

IDE | Instructions
Visual Studio Code | Securing your setup
Eclipse IDE | Securing your setup

Chat conversation storage

IBM watsonx Code Assistant stores all your chat conversation history locally in your file system in <your home directory>/.wca/chat.db, in a database format defined by SQLite. IBM watsonx Code Assistant does not share these conversations with anyone. This file is not encrypted, other than the encryption that your file system provides. Safeguard this file against improper access.
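
One way to check that the chat history file is not reachable by other local accounts, as an added example that is not part of IBM's documentation. It assumes a POSIX file system (Linux or macOS); the function names are hypothetical, and the SQLite sidecar files are an assumption that is checked only when they exist.

```python
import os
import stat
from pathlib import Path

# SQLite can create these sidecar files beside a database (rollback journal,
# write-ahead log, shared-memory index). That chat.db uses them is an
# assumption; they are only checked when present.
SIDECARS = ("-journal", "-wal", "-shm")


def wca_paths(home=None):
    """Return the .wca directory plus chat.db and any sidecars that exist."""
    base = Path(home) if home else Path.home()
    wca_dir = base / ".wca"
    db = wca_dir / "chat.db"
    candidates = [db] + [db.with_name(db.name + s) for s in SIDECARS]
    return wca_dir, [p for p in candidates if p.is_file() and not p.is_symlink()]


def audit(home=None):
    """Return (path, octal mode, reason) for each item others could reach."""
    wca_dir, files = wca_paths(home)
    findings = []
    if not wca_dir.is_dir():
        return findings  # the extension has not created its data directory
    for path in [wca_dir, *files]:
        st = path.stat()
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((str(path), oct(mode), "group/other access"))
        if st.st_uid != os.getuid():
            findings.append((str(path), oct(mode), "not owned by current user"))
    return findings


def harden(home=None):
    """Restrict the directory to 0700 and each database file to 0600."""
    wca_dir, files = wca_paths(home)
    if not wca_dir.is_dir():
        return
    os.chmod(wca_dir, 0o700)
    for path in files:
        os.chmod(path, 0o600)


if __name__ == "__main__":
    for finding in audit():
        print(*finding)
```

Run `audit()` first to see what would change; `harden()` only tightens permission bits and does not encrypt the file, so full-disk or home-directory encryption is still what protects it on a lost or shared machine.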

Telemetry data

IBM watsonx Code Assistant does not collect any telemetry data. In general, watsonx Code Assistant doesn't send any data that it processes to a third party, IBM included.

How your data is stored and encrypted in IBM watsonx Code Assistant

Watsonx Code Assistant stores customer-specific metadata, such as the connection asset for Db2, in a deployment space that the customer's cloud administrator creates. This space is reflected within IBM Cloud Object Storage as a folder in an Object Storage bucket. This bucket uses an IBM Cloud Object Storage instance that is owned by the customer. The customer can encrypt this data at rest by using BYOK, or use the automatic encryption with keys that are provided by Object Storage. Watsonx Code Assistant accesses this data by using the customer-provided credentials. Watsonx Code Assistant has no way to access this data without these credentials.

Configuring IBM Cloud Object Storage

IBM Cloud Object Storage provides storage for projects, catalogs, and deployment spaces. You are required to associate an IBM Cloud Object Storage instance when you create projects, catalogs, or deployment spaces to store files for assets, such as uploaded data files or notebook files. The Lite plan instance is a no-cost option with storage capacity up to 25 GB per month.

You can also access data sources in an IBM Cloud Object Storage instance. To access IBM Cloud Object Storage, you create an Object Storage connection when you want to connect to data stored in Object Storage. An Object Storage connection has a different purpose from the Object Storage instance that you associate with a project, deployment space, or catalog. For more information, see Getting started with IBM Cloud Object Storage.

The Cloud Identity and Access Management service securely authenticates users and controls access to IBM Cloud Object Storage. For instructions to set up access control for IBM Cloud Object Storage on IBM Cloud®, see How do I invite a user to administer buckets and data?.

Encrypting data at rest

Red Hat Ansible Lightspeed

By default, data at rest is encrypted with randomly generated keys that IBM manages. If the default keys are sufficient protection for your data, no additional action is needed. To provide more protection for data at rest, you can create and manage your own keys with IBM® Key Protect for IBM Cloud®, which is an encryption solution that securely stores data in IBM Cloud Object Storage.

For more information, see Encrypting data with your own keys.

Encrypting data in motion

IBM encrypts data that is transmitted on any public networks and within the Cloud Service's private data center network. Encryption methods such as HTTPS, SSL, and TLS are used to protect data in motion.

Event logging

IBM watsonx Code Assistant services on IBM Cloud do not have event logging available.