CrateDB ensures top-notch security measures at every level to ensure data protection. The data encryption feature is designed to guard your information during transmission (in flight).
CrateDB allows for Transport Layer Security (TLS) to encrypt internal communication between CrateDB nodes and external communication with HTTP and PostgreSQL clients. This secure communication setup is configurable based on the protocol:
- For HTTP, enabling SSL means all connections will necessitate HTTPS.
- For the PostgreSQL Wire Protocol, enabling SSL allows clients to decide on a per-connection basis whether to use SSL. However, you can mandate SSL usage via Host-Based Authentication.
- For the CrateDB transport protocol, nodes will only accept SSL connections when SSL is enabled. This makes sure that node communication is encrypted even across different zones or data centers.
CrateDB highly recommends using encrypted disks for storing data, a feature that is a default in CrateDB's managed cloud offering.
Learn more about CrateDB security measures >