We are launching CrateOM: a smart solution that transforms process data into actionable insights

Learn more
Skip to content

Security at Crate.io


In our highly interconnected world, to care for IT security, safety, and data privacy is more important than ever. Everything we do at Crate.io has a special focus on security—including our core database product, CrateDB, our cloud offering CrateDB Cloud, our integrations, and our customer and partner support.

Reporting security issues

If you have any security concerns related to one of Crate.io's products, services, or websites, reach out to our security team at security@crate.io.

Please, do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports due to their sensitive nature. Thank you so much for your understanding.

You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.

Security in CrateDB

By default, CrateDB only allows access via the superuser crate from localhost. While this can be changed, it is highly discouraged, to keep the system as secure as possible.

In the enterprise version, SSL/TLS encryption can be enabled as documented. (The connections to CrateDB are not encrypted by default, since it requires valid x509 certificates).

Security in CrateDB Cloud

All the CrateDB Cloud services run via HTTPS or other encrypted protocols, following modern security best-practices. Customer clusters are only available via HTTPS and PostgreSQL's wire protocol with TLS encryption.

Subscribe to the Crate.io Newsletter now

We respect your privacy and data. Your information will not be shared with third parties. You can unsubscribe from this newsletter at any time.