Security
In our highly interconnected world, caring about IT security, safety, and data privacy is more important than ever. Everything we do at CrateDB has a special focus on security, including our core database product, CrateDB, our cloud offering CrateDB Cloud, our integrations, and our customer and partner support.
Reporting security issues
If you have any security concerns related to the CrateDB product, services or online properties, reach out to our security team at security@crate.io.
Please do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports, due to their sensitive nature. Thank you so much for your understanding.
You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.
Security in CrateDB
To keep the system as secure as possible, follow the recommendations in the CrateDB Documentation.
SSL/TLS encryption is available and recommended, and it can be enabled as documented. Connections to CrateDB are not encrypted by default, because enabling encryption requires valid X.509 certificates.
Security in CrateDB Cloud
Every service offered by CrateDB Cloud operates exclusively through HTTPS or other encrypted protocols, adhering strictly to contemporary security best practices. For utmost protection, customer clusters are accessible solely via HTTPS and PostgreSQL's wire protocol, which includes TLS encryption.
ISO 27001 Certification
CrateDB Cloud is ISO 27001 certified. Read the announcement >
ISO/IEC 27001 is the international standard for information security management systems (ISMS) established by the International Organization for Standardization. The ISO/IEC 27001 standard "provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system".
See the official CrateDB ISO 27001 certificate >