Security
Everything we do at CrateDB has a special focus on security—including our core database product, CrateDB, our cloud offering CrateDB Cloud, our integrations, and our customer and partner support.
Your Data is Handled with Care
- Enterprise-grade security: Protect your data with granular role-based access controls and advanced secure communication protocols.
- Secure cloud by default: CrateDB Cloud ensures end-to-end encryption, safeguarding your data both in transit and at rest.
- Compliance ready: CrateDB Cloud is certified to meet global standards, ensuring rigorous security and privacy compliance.
- Seamless integration for modern workflows: Effortlessly integrate CrateDB with your infrastructure using private connections and multi-factor authentication for enhanced security.
Data Encryption
CrateDB protects your data at all stages of its lifecycle.
- Encryption at rest: Available in CrateDB Cloud through encrypted volumes.
- Encryption in transit: All traffic to clients is encrypted by default for CrateDB Cloud, including:
  - HTTP endpoint: Enforces HTTPS for all client communications.
  - PostgreSQL Wire Protocol: Enforces SSL connections, with certificate validation configurable per client.
Certifications and Compliance
CrateDB Cloud is certified for ISO 27001 and SOC 2 Type 2, demonstrating our commitment to the highest standards of security and compliance.
Additionally, CrateDB Cloud is fully compliant with HIPAA and GDPR, ensuring robust protection for sensitive data and adherence to global regulatory requirements.
Vulnerability Management
We ensure protection against potential threats through regular testing and proactive security measures.
- Audit logging: CrateDB Cloud logs all actions within an organization, ensuring full traceability. Note: Query logging is not enabled, to maintain performance and data privacy.
- Penetration testing: Regular tests are conducted on both CrateDB and CrateDB Cloud to identify and mitigate vulnerabilities.
- Vulnerability disclosure program: CrateDB provides secure means to report vulnerabilities, encouraging collaboration with security researchers to continuously improve the platform.
CrateDB Cloud: Security Out-of-the-Box
CrateDB Cloud provides built-in security features so you can focus on building and scaling your applications without compromise.
- IP allowlist: Restrict access to your clusters by specifying trusted IP ranges, adding an extra layer of security.
- Secure access: MFA, PrivateLink, and role-based permissions ensure only authorized users can access your data.
- Encryption in transit: All traffic is encrypted via TLS.
- Encryption at rest: Enabled by default using encrypted volumes.
- Isolated clusters: CrateDB Cloud clusters are isolated and accessed through secure protocols.
CrateDB Self-Managed
If you are using CrateDB Self-Managed, follow the recommendations in the CrateDB Documentation in order to keep the system as secure as possible.
CrateDB supports SSL/TLS encryption to secure your connections, and it is strongly recommended to enable it. By default, connections to a self-managed CrateDB node are not encrypted. To activate encryption, you need to configure valid TLS certificates, following the steps outlined in the documentation.
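The following crate.yml fragment is an added illustration, not text from this page or from the CrateDB documentation: it shows the default (unencrypted) state beside a hardened configuration. The setting names follow the CrateDB SSL/TLS documentation as I recall it and should be checked against the current docs; the file paths and passwords are placeholders.

```yaml
# Added example: TLS settings for a self-managed CrateDB node (crate.yml).
# Setting names follow the CrateDB SSL/TLS docs as recalled; verify against
# the current documentation. Paths and passwords are placeholders.

# --- Default (weak): client connections are NOT encrypted ---
# ssl.http.enabled: false
# ssl.psql.enabled: false

# --- Hardened: require TLS on the HTTP endpoint and PostgreSQL wire protocol ---
ssl.http.enabled: true
ssl.psql.enabled: true

# Keystore (PKCS12 or JKS) holding the node certificate and private key
ssl.keystore_filepath: /etc/crate/ssl/node-keystore.p12     # placeholder path
ssl.keystore_password: "<keystore-password>"                  # placeholder
ssl.keystore_key_password: "<key-password>"                   # placeholder

# Truststore holding the CA that issued client and peer certificates,
# so the node can validate the certificates presented to it
ssl.truststore_filepath: /etc/crate/ssl/truststore.p12       # placeholder path
ssl.truststore_password: "<truststore-password>"              # placeholder

# Also encrypt inter-node (transport) traffic; "legacy" would allow a
# mixed encrypted/unencrypted cluster only during a migration window
ssl.transport.mode: on
```

After restarting the node, confirm from a client that a plain-text connection is refused and that a verifying client (for example a PostgreSQL driver with full certificate validation) connects successfully.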
Reporting security issues
If you have any security concerns related to the CrateDB product, services or online properties, reach out to our security team via this GitHub page or by writing an email to security@crate.io.
Please do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports, due to their sensitive nature. Thank you for your understanding.
You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.
ISO 27001 Certification
CrateDB Cloud is ISO 27001 certified.
ISO/IEC 27001 is the international standard for information security management systems (ISMS) established by the International Organization for Standardization. The ISO/IEC 27001 standard "provides companies of any size and from all sectors of activity with guidance for establishing, implementing, maintaining and continually improving an information security management system".
SOC 2 Type 2 Certification
CrateDB Cloud is SOC 2 Type 2 certified.
SOC 2 (Service Organization Controls 2) is a rigorous auditing standard developed by the American Institute of Certified Public Accountants (AICPA). It ensures that service providers effectively protect customer data based on five key principles: security, privacy, availability, processing integrity, and confidentiality. By achieving SOC 2 Type 2 compliance, we have demonstrated to our customers and partners that we have established and maintained effective controls over our systems and data throughout the entire year.
HIPAA Compliance
The Health Insurance Portability and Accountability Act (HIPAA) was created in 1996 to govern the flow and sharing of electronic protected health information (ePHI). CrateDB is HIPAA ready and enables covered entities and their business associates to use CrateDB to store, process, and analyze ePHI.
GDPR Compliance
The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and gives individuals rights with regard to their data. CrateDB provides our customers with the capabilities needed to build GDPR-compliant systems.
CCPA Compliance
The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. CrateDB is committed to supporting its customers in their CCPA compliance efforts.