Encryption in transit on YugabyteDB Clusters

Encryption in transit

Enable encryption in transit (using TLS) to protect network communication.

YugabyteDB can be configured to protect data in transit using the following:

  • Server-server encryption for inter-node communication between YB-Master and YB-TServer nodes.
  • Client-server encryption for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.

YugabyteDB supports TLS encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.

Note: Client-server TLS encryption is not supported for YEDIS.

Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.