Home > Secure >

TLS Encryption

Enable TLS encryption over the wire in YugabyteDB (enterprise edition only).

Attention

This page documents an earlier version. Go to the latest (v2.1) version.

Note

TLS encryption is only supported in YugabyteDB Enterprise Edition.

YugabyteDB uses OpenSSL (native to Linux/BSD operating systems) in order to perform TLS encryption. You can configure YugabyteDB to encrypt all network communication. The following communication is encrypted:

Server to server (for example, between YB-Masters and YB-TServers)
Client to server (including connecting to the cluster using a command line shell)

Note that YEDIS does not currently support TLS encryption, however this is on the roadmap. Please open a GitHub issue if this is of interest.

In this section, we will look at how to setup a 3 node YugabyteDB cluster with TLS encryption enabled.

1. Prepare nodes

Generate the per-node config and prepare the nodes with the config data.

2. Server-server encryption

Enable server to server encryption between YB-Masters and YB-TServers.

3. Client-server encryption

Enable client to server encryption.

4. Connect to cluster

Connecting to a YugabyteDB cluster with TLS encryption enabled.