Secure clusters

Secure clusters in YugabyteDB Managed

Configure the security features of your YugabyteDB Managed clusters

YugabyteDB Managed clusters include the following security features:

Feature Description
Network authorization Access to YugabyteDB Managed clusters is limited to IP addresses that you explicitly allow using IP allow lists.
You can further enhance security and lower network latencies by deploying clusters in a virtual private cloud (VPC) network.
Database authorization YugabyteDB uses role-based access control for database authorization. Using the default admin user that is created when a cluster is deployed, you can add additional roles and users to provide custom access to database resources to other team members and database clients.
Encryption in transit YugabyteDB Managed uses encryption-in-transit for client-server and intra-node connectivity.
Encryption at rest Data at rest, including clusters and backups, is AES-256 encrypted using native cloud provider technologies - S3 and EBS volume encryption for AWS, and server-side and persistent disk encryption for GCP.
Auditing YugabyteDB Managed provides detailed tracking of activity on your cloud, including cluster creation, changes to clusters, changes to IP allow lists, backup activity, and billing.