
Data Encryption

CrateDB applies security measures at every level to protect data. The data encryption feature is designed to guard your information during transmission (in flight).

CrateDB supports Transport Layer Security (TLS) to encrypt internal communication between CrateDB nodes and external communication with HTTP and PostgreSQL clients. The setup is configured per protocol:

  • For HTTP, enabling SSL means all connections must use HTTPS.
  • For the PostgreSQL Wire Protocol, enabling SSL allows clients to decide on a per-connection basis whether to use SSL. However, you can mandate SSL usage via Host-Based Authentication.
  • For the CrateDB transport protocol, nodes will only accept SSL connections when SSL is enabled. This ensures that node communication is encrypted even across different zones or data centers.
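
The per-protocol behaviour above can be audited from a node's settings; the following is an added example, not CrateDB's own code, that reports each protocol still able to carry plaintext. Assumptions: the setting names (`ssl.http.enabled`, `ssl.psql.enabled`, `ssl.transport.mode`, `auth.host_based.*`) follow CrateDB's configuration reference and should be verified against your version, the sample settings are constructed, and the hypothetical helpers `parse_flat` and `audit_tls` handle only the flat dotted-key form.

```python
import re

# Constructed sample settings in the flat dotted-key form (assumed names).
SAMPLE = """\
ssl.http.enabled: true
ssl.psql.enabled: true
ssl.transport.mode: off
auth.host_based.enabled: true
auth.host_based.config.0.user: crate
auth.host_based.config.0.address: _local_
auth.host_based.config.0.method: trust
auth.host_based.config.1.protocol: pg
auth.host_based.config.1.method: password
auth.host_based.config.1.ssl: on
"""

def parse_flat(text):
    """Parse 'key: value' lines; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"").lower()
    return settings

def audit_tls(settings):
    """Return findings for each protocol that can still carry plaintext."""
    findings = []
    if settings.get("ssl.http.enabled") != "true":
        findings.append("http: SSL not enabled, HTTPS is not required")
    if settings.get("ssl.transport.mode") != "on":
        findings.append("transport: nodes do not require SSL")
    if settings.get("ssl.psql.enabled") != "true":
        findings.append("psql: SSL not enabled")
        return findings
    if settings.get("auth.host_based.enabled") != "true":
        findings.append("psql: HBA disabled, SSL stays optional per connection")
        return findings
    entries = {}
    for key, value in settings.items():
        m = re.fullmatch(r"auth\.host_based\.config\.(\w+)\.(\w+)", key)
        if m:
            entries.setdefault(m.group(1), {})[m.group(2)] = value
    for order, entry in sorted(entries.items()):
        # An entry with no protocol applies to every protocol, pg included.
        if entry.get("protocol", "pg") == "pg" and entry.get("ssl") != "on":
            findings.append(f"psql: HBA entry {order} admits non-SSL clients")
    return findings
```

On the constructed sample, `audit_tls(parse_flat(SAMPLE))` flags the transport setting and HBA entry 0, which has no `ssl` field and therefore lets PostgreSQL clients connect without TLS even though SSL is enabled.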

CrateDB highly recommends using encrypted disks for storing data, a feature that is enabled by default in CrateDB's managed cloud offering.
