Skip to content
Features

Data Encryption

CrateDB ensures top-notch security measures at every level to ensure data protection. The data encryption feature is designed to guard your information during transmission (in flight).

CrateDB allows for Transport Layer Security (TLS) to encrypt internal communication between CrateDB nodes and external communication with HTTP and PostgreSQL clients. This secure communication setup is configurable based on the protocol:

  • For HTTP, enabling SSL means all connections will necessitate HTTPS.
  • For the PostgreSQL Wire Protocol, enabling SSL allows clients to decide on a per-connection basis whether to use SSL. However, you can mandate SSL usage via Host-Based Authentication.
  • For the CrateDB transport protocol, nodes will only accept SSL connections when SSL is enabled. This makes sure that node communication is encrypted even across different zones or data centers.

CrateDB highly recommends using encrypted disks for storing data, a feature that is a default in CrateDB's managed cloud offering

Learn more about CrateDB security measures >

CrateDB Architecture Guide

This comprehensive guide covers all the key concepts you need to know about CrateDB's architecture. It will help you gain a deeper understanding of what makes it performant, scalable, flexible and easy to use. Armed with this knowledge, you will be better equipped to make informed decisions about when to leverage CrateDB for your data projects. 

CrateDB-Architecture-Guide-Cover

Additional resources

Interested in learning more?