Encryption: Data in Transit Node to Node
Communication between all or some nodes can be encrypted. The controlling parameter is
- Configure the
Available options are:
- none (default)
- dc: encrypts the traffic between the data centers.
- rack: encrypts the traffic between the racks.
- certificate - A PEM format certificate, either self-signed, or provided by a certificate authority (CA).
- keyfile - The corresponding PEM format key for the certificate.
- truststore - Optional path to a PEM format certificate store of trusted CAs. If not provided, Scylla will attempt to use the system trust store to authenticate certificates.
server_encryption_options:
    internode_encryption: <none|rack|dc|all>
    certificate: <path to PEM encoded certificate file>
    keyfile: <path to PEM encoded key for certificate>
    truststore: <optional path to PEM encoded trust store>
- Restart the Scylla node to apply the changes.
CentOS, RHEL or Ubuntu 16.04
sudo systemctl restart scylla-server
Ubuntu 14.04 or Debian
sudo service scylla-server restart
Docker (without restarting some-scylla container)
docker exec -it some-scylla supervisorctl restart scylla
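
A preflight check for the server_encryption_options block above, to run before the restart. This is an added example, not ScyllaDB's own code: it flags an unencrypted or partial mode, files that are missing or not PEM, and a key file accessible to group or other. The function names, the wording of the findings and the sample paths are assumptions made for the illustration.

```python
import os

VALID_MODES = ("none", "rack", "dc", "all")  # values listed on this page
SAMPLE = ("server_encryption_options:\n  internode_encryption: dc\n"
          "  certificate: /constructed/node.crt\n  keyfile: /constructed/node.key\n")  # constructed input

def parse_block(text, section="server_encryption_options"):
    """Read the flat 'key: value' lines under one top-level key (not a full YAML parser)."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if line and not line[0].isspace():         # any top-level key opens or closes the block
            inside = line == section + ":"
        elif inside and ":" in line:
            key, value = line.strip().split(":", 1)
            opts[key.strip()] = value.strip().strip("'\"")
    return opts

def check_pem(path, label, private=False):
    """Return findings for one PEM file named in the block."""
    if not path or not os.path.isfile(path):
        return [f"{label} not set or not a file: {path}"]
    findings = []
    with open(path, errors="replace") as fh:
        if "-----BEGIN " not in fh.read():
            findings.append(f"{label} is not PEM encoded: {path}")
    if private and os.stat(path).st_mode & 0o077:  # any group/other permission bit
        findings.append(f"{label} is accessible to group/other: {path}")
    return findings

def audit(opts):
    """Return a list of findings; an empty list means nothing was flagged."""
    mode = opts.get("internode_encryption", "none")
    if mode not in VALID_MODES:
        return [f"unknown internode_encryption value: {mode}"]
    if mode == "none":
        return ["internode_encryption is none: node-to-node traffic is not encrypted"]
    findings = []
    if mode in ("rack", "dc"):
        findings.append(f"internode_encryption is {mode}: traffic inside one {mode} is not encrypted")
    findings += check_pem(opts.get("certificate"), "certificate")
    findings += check_pem(opts.get("keyfile"), "keyfile", private=True)
    if opts.get("truststore"):                     # optional; system trust store is used otherwise
        findings += check_pem(opts["truststore"], "truststore")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_block(SAMPLE))))
```

The check only inspects the configuration text and the files it names; it does not verify that the key matches the certificate or that the certificate chains to the trust store.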