Secure clusters in YugabyteDB Managed
Configure the security features of your YugabyteDB Managed clusters
YugabyteDB Managed clusters include the following security features:
Feature | Description |
---|---|
Network authorization | Access to YugabyteDB Managed clusters is limited to IP addresses that you explicitly allow using IP allow lists. You can further enhance security and lower network latencies by deploying clusters in a virtual private cloud (VPC) network. |
Database authorization | YugabyteDB uses role-based access control for database authorization. Using the default database admin user that is created when a cluster is deployed, you can add additional roles and users to provide custom access to database resources to other team members and database clients. |
Encryption in transit | YugabyteDB Managed uses encryption-in-transit for client-server and intra-node connectivity. |
Encryption at rest | Data at rest, including clusters and backups, is AES-256 encrypted using native cloud provider technologies: S3 and EBS volume encryption for AWS, Azure disk encryption, and server-side and persistent disk encryption for GCP. For additional security, you can encrypt your clusters using keys that you manage yourself. |
Auditing | YugabyteDB Managed provides detailed auditing of activity on your account, including cluster creation, changes to clusters, changes to IP allow lists, backup activity, billing, access history, and more. |