GITBOOK-1458: change request with no subject merged in GitBook

Author: mattgreg

.gitbook/assets/Screenshot 2025-02-19 at 7.25.34 PM.png

@@ -18,29 +18,27 @@ Ockam empowers you to build secure-by-design apps that can trust data-in-motion.
 
 With Ockam:
 
-**Impossible connections become possible.** Establish secure channels between systems in private networks that previously could not be connected because it is either too difficult or insecure
-
-**All public endpoints become private.** Connect your applications and databases without exposing anything publicly
+* **Impossible connections become possible.** Establish secure channels between systems in private networks that previously could not be connected because it is either too difficult or insecure.
+* **All public endpoints become private.** Connect your applications and databases without exposing anything publicly.
 
 \
 At its core, Ockam is a toolkit for developers to build applications that can create end-to-end encrypted, mutually authenticated, secure communication channels:
 
-**From anywhere to anywhere:** Ockam works across any network, cloud, or on prem infrastructure
-
-**Over any transport topology:** Ockam is compatible with every transport layer including TCP, UDP, Kafka, Bluetooth
-
-**Without no infrastructure, network, or application changes:** Ockam works at the application layer, so you don’t need to make complex changes
+* **From anywhere to anywhere:** Ockam works across any network, cloud, or on prem infrastructure. 
+* **Over any transport topology:** Ockam is compatible with every transport layer including TCP, UDP, Kafka, or even Bluetooth.
+* **Without no infrastructure, network, or application changes:** Ockam works at the application layer, so you don’t need to make complex changes. 
+* **While ensuring the risky things are impossible to get wrong:** Ockam’s protocols do the heavy lifting to establish end-to-end encrypted, mutually authenticated secure channels
 
-**While ensuring the risky things are impossible to get wrong:** Ockam’s protocols do the heavy lifting to establish end-to-end encrypted, mutually authenticated secure channels
-
-### Why Ockam is a game changer
+### Why Ockam is so unique
 
 Traditionally, connections made over TCP are secured with TLS. However, the security guarantees of a TLS secure channel only apply for the length of the underlying TCP connection. It is not possible to connect two systems in different private networks over a single TCP connection. Thus, connecting these two systems requires exposing one of them over the Internet, and breaking the security guarantees of TLS.
 
-Ockam works differently. Our secure channel protocol sits on top of an application layer routing protocol. This routing protocol can hand over  messages from one transport layer connection to another. This can be done over any transport protocol, with any number of transport layer hops:  TCP to TCP to TCP, TCP to UDP to TCP, UDP to Bluetooth to Kafka, etc. 
+**Ockam works differently**. Our secure channel protocol sits on top of an application layer routing protocol. This routing protocol can hand over  messages from one transport layer connection to another. This can be done over any transport protocol, with any number of transport layer hops:  TCP to TCP to TCP, TCP to UDP to TCP, UDP to Bluetooth to TCP to Kafka, etc. 
 
 Over these transport layer connections, Ockam sets up an end-to-end encrypted, mutually authenticated connection. This unlocks the ability to create secure channels between systems that live in entirely private networks, without exposing either end to the Internet. 
 
+<figure><img src=".gitbook/assets/Screenshot 2025-02-19 at 7.25.34 PM.png" alt=""><figcaption><p>Examples of Ockam Secure Channels over multiple hops of TCP, Kafka, UDP, or anything else.</p></figcaption></figure>
+
 Since Ockam’s routing protocol  is at the application layer, complex network and infrastructure changes are not required to make these connections. Rather than a months-long infrastructure project, you can connect private systems in minutes while ensuring the risky things are impossible to get wrong. NATs are traversed; Keys are stored in vaults; Credentials are short-lived; Messages are authenticated; Data-integrity is guaranteed; Senders are protected from key compromise impersonation; Encryption keys are ratcheted; Nonces are never reused; Strong forward secrecy is ensured; Sessions recover from network failures; and a lot more.
 
 ### Ockam is easy to use
@@ -50,7 +48,7 @@ The magic of Ockam is it's simplicity. All you need to do is subscribe to Ockam
 * Ockam Programming Libraries (Rust …)
 * Ockam Command
 * Ockam Docker Images
-* Redpanda Connect
+* RedPanda Connect
 * Managed Ockam Nodes from the AWS Marketplace
 * Snowflake Native Apps
 * Lambda/Serverless Functions

README.md

@@ -13,6 +13,7 @@
   * [Snowflake stage as SFTP server](https://www.ockam.io/blog/snowflake-stage-data-sftp)
   * [Snowflake stage as WebDAV file share](https://www.ockam.io/blog/snowflake-stage-data-webdav)
   * [Snowflake hosted private APIs](https://www.ockam.io/blog/snowflake-call-private-api)
+  * [Federated queries from Snowflake](https://www.ockam.io/blog/snowflake-query-postgres)
 
 ## ENCRYPTED PORTALS TO ... <a href="#portals" id="portals"></a>
 

SUMMARY.md

@@ -20,6 +20,7 @@ Try one of these demos yourself, or get a video walk through. 
 * [Snowflake federated queries to Postgres](https://www.ockam.io/blog/snowflake-query-postgres)
 * [Postgres to Snowflake Migrations](https://www.ockam.io/blog/snowflake-pull-postgres)
 * [Snowflake to Postgres for CDC (Change Data Capture)](https://www.ockam.io/blog/snowflake-push-postgres)
+* [Run federated queries from inside of Snowflake](https://www.ockam.io/blog/snowflake-query-postgres) 
 * [Steam Kafka events to to Snowflake](https://www.ockam.io/blog/snowflake-pull-kafka) 
 * [Real-Time CDC (Change Data Capture) Pipelines from Snowflake to Kafka](https://www.ockam.io/blog/snowflake-push-kafka)
 * [Access a Snowflake stage with SFTP](https://www.ockam.io/blog/snowflake-stage-data-sftp)