Security

Protecting your data end-to-end, from connection to compliance.

Modern data platforms must not only deliver performance; they must also earn trust. In distributed and real-time environments, security isn’t optional: it’s foundational.
CrateDB is built with security at its core, covering how users connect, how data is accessed, how storage is encrypted, how usage is logged, and how compliance is achieved. Whether you’re running a managed cluster, a self-managed installation, or a hybrid setup, CrateDB supports enterprise-grade security policies across the entire stack.

Key security pillars

Authentication: Ensure that only the right identities (users, services, agents) can connect to your CrateDB clusters. CrateDB supports secure authentication methods for both managed and self-managed deployments.

Authorization & Role-Based Access Control (RBAC): Once connected, control what identities can do. With fine-grained permissions and role definitions, you can enforce the least privilege principle to protect your data and operations.

Encryption (in-transit & at-rest): Data must be protected both on the wire and when stored. CrateDB supports TLS/SSL for all client and internal node connections, and encrypted storage volumes for persistent data. 

Audit logging: Full visibility into who did what, when and how. CrateDB Cloud logs all relevant actions and accesses, enabling traceability and forensic capability. 

Compliance & certifications: Trust is built on standards. CrateDB Cloud holds certifications such as ISO 27001 and SOC 2 Type II to demonstrate that its processes meet rigorous security and information-management standards.

Why it matters

  • End-to-end protection: From connection to storage to auditing, every layer is secured.
  • Enterprise readiness: Meet regulatory and internal requirements without sacrificing real-time performance or flexibility.
  • Trust for your users: Your customers, partners and stakeholders expect data platforms to enforce modern security practices.
  • Operational peace of mind: Whether running in the cloud, on-premises or at the edge, your deployment inherits a strong security foundation.

Integrations & deployment contexts

  • For CrateDB Cloud, security features such as encryption at rest, IP allowlists, MFA, and isolated clusters are enabled by default.
  • For self-managed CrateDB, you have full control: you can configure TLS/SSL for both client and internal communication, enable role-based access, activate auditing and apply your own governance procedures.
  • The same security model covers edge, hybrid and multi-cloud use cases, ensuring consistent policy and enforcement wherever you deploy.

Reporting security issues

If you have any security concerns related to the CrateDB product, services or online properties, reach out to our security team via this GitHub page or by writing an email to security@crate.io.

Please do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports, given their sensitive nature. Thank you so much for your understanding.

You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.