Security at

In our highly interconnected world, to care for IT security, safety, and data privacy is more important than ever. Everything we do at has a special focus on security—including our core database product, CrateDB, our cloud offering CrateDB Cloud, our integrations, and our customer and partner support.

Reporting security issues

If you have any security concerns related to one of's products, services, or websites, reach out to our security team at

Please, do not publish or disclose any of your concerns or findings publicly, and do not use our public issue trackers for these reports due to their sensitive nature. Thank you so much for your understanding.

You will hear back from us within one business day, and we'll keep you in the loop while investigating the reported issue.

Security in CrateDB

By default, CrateDB only allows access via the superuser crate from localhost. While this can be changed, it is highly discouraged, to keep the system as secure as possible.

In the enterprise version, SSL/TLS encryption can be enabled as documented. (The connections to CrateDB are not encrypted by default, since it requires valid x509 certificates).

Security in CrateDB Cloud

All the CrateDB Cloud services run via HTTPS or other encrypted protocols, following modern security best-practices. Customer clusters are only available via HTTPS and PostgreSQL's wire protocol with TLS encryption.