Encryption in transit
Enable encryption in transit (using TLS) to protect network communication.
YugabyteDB can be configured to protect data in transit using the following:
- Server-server encryption for inter-node communication between YB-Master and YB-TServer nodes.
- Client-server encryption for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.
YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that implements the TLS and Secure Sockets Layer (SSL) protocols.
Note: Client-server TLS encryption is not supported for YEDIS.
Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.
Create server certificates
Create the server certificates that TLS uses to protect data in transit between YugabyteDB nodes.
Enable server-to-server encryption
Enable server-to-server encryption (using TLS) between YB-Master and YB-TServer nodes.
Enable client-to-server encryption
Enable client-to-server encryption (using TLS) for YSQL and YCQL.