Hello,
The ScyllaDB Cloud team is pleased to announce that client-to-node encryption in ScyllaDB Cloud has been improved by adding self-service management controls and a ScyllaDB Account Certificate Authority (CA) to sign cluster certificates.
ScyllaDB Cloud clusters no longer rely on self-signed certificates, which encrypt traffic but require manual distribution of the certificate to each client. With this addition, customers no longer need to open support tickets related to cluster TLS certificates. Cluster certificates can be downloaded securely from the ScyllaDB Cloud Portal.
Once downloaded, they can be used to establish trust with ScyllaDB cluster certificates, ensuring that the connection between the customer application (driver, cqlsh, or Alternator client) and the ScyllaDB Cloud nodes is encrypted.
Why use TLS?
- Confidentiality—Network traffic cannot be read while in transit.
- Integrity—Traffic cannot be modified without detection.
- Authentication—Clients can verify that they are communicating with the correct server.
Client-to-node encryption supports both CQL and Alternator. The feature is available for all newly created clusters. The CA’s public certificate can be downloaded directly from ScyllaDB Cloud, along with updated connection examples showing how to use these certificates. Customers can find additional details in the Connect tab in ScyllaDB Cloud and in the ScyllaDB Cloud documentation.
Documentation: Client-to-node Encryption
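The following is an added example, not code from ScyllaDB or its documentation: a Python standard-library sketch of a client TLS context that trusts only a downloaded CA certificate, next to a check that flags contexts which encrypt traffic without authenticating the server. The function names and the file path are hypothetical, and leaving hostname checking on assumes the node certificates name the address the client connects to; the connection examples in the Connect tab remain the reference for driver settings.

```python
import ssl


def account_ca_context(ca_file):
    """Client context that trusts only the CA certificate stored in ca_file."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Raises if the file is missing or is not a PEM certificate.
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def encrypt_only_context():
    """Constructed anti-pattern: encrypted channel, server identity never checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """List the settings that leave the 'Authentication' property unmet."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    # Counts CA certificates loaded from a file or from memory.
    if ctx.cert_store_stats()["x509_ca"] == 0:
        findings.append("no CA certificate loaded as trust anchor")
    return findings


if __name__ == "__main__":
    for finding in audit_context(encrypt_only_context()):
        print("finding:", finding)
    # Hypothetical path: replace with the CA file downloaded from the portal.
    # ctx = account_ca_context("scylla-account-ca.pem")
    # The resulting context is what a driver's TLS option would be given.
```

A context returned by `account_ca_context` with a valid CA file yields an empty findings list, which is the state to require before passing it to a driver.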
