Encryption in transit on YugabyteDB Clusters

YugabyteDB can be configured to protect data in transit using the following:

• Server-to-server encryption for inter-node communication between YB-Master and YB-TServer nodes.
• Client-to-server encryption for communication between clients and nodes when using CLIs, tools, and APIs for YSQL and YCQL.

YugabyteDB supports Transport Layer Security (TLS) encryption based on OpenSSL (v. 1.0.2u or later), an open source cryptography toolkit that provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols.

{{<index/block>}}

{{<index/item title="Create server certificates" body="Create server certificates (using TLS) for protecting data in transit between YugabyteDB nodes." href="server-certificates/" icon="fa-thin fa-file-certificate">}}

{{<index/item title="Enable encryption in transit" body="Enable encryption (using TLS) between YB-Master and YB-TServer nodes." href="server-to-server/" icon="fa-thin fa-server">}}

{{<index/item title="Connect to clusters" body="Connect clients, tools, and APIs to encryption-enabled YugabyteDB clusters." href="connect-to-cluster/" icon="fa-thin fa-plug">}}

{{<index/item title="TLS and authentication" body="Use TLS encryption in conjunction with authentication." href="tls-authentication/" icon="fa-thin fa-user-lock">}}

{{</index/block>}}