YugabyteDB can be configured to protect data in transit using the following:

  • Server-to-server encryption for inter-node communication between YB-Master and YB-TServer nodes.
  • Client-to-server encryption for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.

YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.