title | description | ms.author | author | ms.service | ms.subservice | ms.topic | ms.date |
---|---|---|---|---|---|---|---|
Security overview - Azure Cosmos DB for PostgreSQL | Information protection and network security for Azure Cosmos DB for PostgreSQL. | nlarin | niklarin | cosmos-db | postgresql | conceptual | 07/04/2024 |
[!INCLUDE PostgreSQL]
This page outlines the multiple layers of security available to protect the data in your cluster.
Whenever data is ingested into a node, Azure Cosmos DB for PostgreSQL secures your data by encrypting it in transit with Transport Layer Security (TLS) 1.2 or higher. Encryption (SSL/TLS) is always enforced, and can’t be disabled.
You can enforce the minimum TLS version required to connect to the cluster by setting the ssl_min_protocol_version coordinator and worker node parameter to TLSV1.2 or TLSV1.3 for TLS 1.2 or TLS 1.3, respectively.
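To check what is configured and what clients actually negotiate, the queries below are an added example, not part of the original page. They use the standard PostgreSQL views pg_stat_ssl and pg_stat_activity plus the Citus function run_command_on_workers, and assume the connecting role may call that function and read other sessions' statistics.

```sql
-- Run from a session connected to the coordinator.

-- 1. Minimum TLS version configured on the coordinator.
SHOW ssl_min_protocol_version;

-- 2. The same parameter on every worker node.
--    run_command_on_workers() is a Citus helper; permission to call it
--    from the connecting role is an assumption of this example.
SELECT nodename, nodeport, success, result AS ssl_min_protocol_version
FROM run_command_on_workers($cmd$ SHOW ssl_min_protocol_version $cmd$);

-- 3. Protocol version and cipher negotiated by the current session.
SELECT ssl, version, cipher, bits
FROM pg_stat_ssl
WHERE pid = pg_backend_pid();

-- 4. Client sessions on the coordinator grouped by negotiated TLS version.
--    Useful before raising the minimum to TLSV1.3: any row showing an older
--    version identifies a client that would be rejected after the change.
--    Rows for other users' sessions may show NULLs if the role lacks
--    permission to read their statistics.
SELECT s.version     AS tls_version,
       a.usename,
       a.client_addr,
       count(*)      AS sessions
FROM pg_stat_ssl s
JOIN pg_stat_activity a USING (pid)
WHERE a.backend_type = 'client backend'
GROUP BY s.version, a.usename, a.client_addr
ORDER BY s.version, sessions DESC;
```

A worker whose result differs from the coordinator's value in query 2 indicates the parameter was not applied consistently across nodes.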
The Azure Cosmos DB for PostgreSQL service uses the FIPS 140-2 validated cryptographic module for storage encryption of data at rest. Data, including backups, is encrypted on disk, including the temporary files created while running queries. The service uses the AES 256-bit cipher included in Azure storage encryption, and the keys are system-managed. Storage encryption is always on, and can't be disabled.
[!INCLUDE access]
See the Azure Cosmos DB for PostgreSQL limits and limitations page.
- Learn how to enable and manage private access
- Learn about private endpoints
- Learn about virtual networks
- Learn about private DNS zones