The 2024 CrateDB architecture guide covering all key concepts is out.

Download now
Skip to content
Contact

Security

At CrateDB, we understand that in today's digital landscape, prioritizing security is more crucial than ever. We take great pride in providing you with a protected and secure environment for all your data needs.

In our highly interconnected world, to care for IT security, safety, and data privacy is more important than ever. Everything we do at CrateDB has a special focus on security—including our core database product, CrateDB, our cloud offering CrateDB Cloud, our integrations, and our customer and partner support.

Reporting security issues

If you have any security concerns related to the CrateDB product, services or online properties, reach out to our security team at security@crate.io.

Please, do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports due to their sensitive nature. Thank you so much for your understanding.

You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.

Security in CrateDB

In order to keep the system as secure as possible, follow the recommendation mentioned in the CrateDB Documentation.

SSL/TLS encryption is available and is recommendable to be used, and the same can be enabled as documented. Initially the connections to CrateDB are not encrypted by default, since it requires valid x509 certificates.

 

Security in CrateDB Cloud

Every service offered by CrateDB Cloud operates exclusively through HTTPS or other encrypted protocols, adhering strictly to contemporary security best-practices. For utmost protection, customer clusters are accessible solely via HTTPS and PostgreSQL's wire protocol, which includes TLS encryption.

ISO 27001 Certification

CrateDB Cloud is ISO 27001 certified. Read the announcement >

iso27001_seal_grey_webversion_150x50pxISO/IEC 27001 is the international standard for information security management systems (ISMS) established by the International Organization for Standardization. The ISO/IEC 27001 standard "provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system".
See the official CrateDB ISO 27001 certificate >