Encryption in transit on YugabyteDB Clusters

Encryption in transit

Enable encryption in transit (using TLS) to protect network communication.

YugabyteDB can be configured to protect data in transit using the following:

  • Server-server encryption for intra-node communication between YB-Master and YB-TServer nodes.
  • Client-server for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.

YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.

Follow the steps in this section to learn how to enable encryption using TLS for a three-node YugabyteDB cluster.