
In-flight encryption certificate

This page outlines how to manage the TLS certificate used to encrypt network traffic between client and server in development and production environments.

Development environment

For development, a self-signed certificate that is generated by openssl, mkcert, or step can be used.

For example, here is how a self-signed certificate can be created with the step command.

Because a TLS certificate must be signed by a certificate authority (CA), first create a CA certificate if you don't have one already. The CA subject name below is only an example; the output file names match the --ca and --ca-key arguments used in the next step.

step certificate create "typedb-encryption-test-ca" root-ca.crt root-ca.key --profile root-ca

Afterwards, the TLS certificate can be created with the following command:

step certificate create "typedb-encryption-test-cert" internal-cert.crt internal-cert.key --subtle --ca=root-ca.crt --ca-key=root-ca.key
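
The page names openssl as an alternative to step. The following is an added example, not part of the original TypeDB documentation: it builds the same CA and server certificate with openssl and then checks the chain, the hostname and the key match. The file names follow the page; the CA subject name, the SAN list, RSA-2048 and the 30-day validity are assumptions.

```sh
#!/bin/sh
# Added example (not TypeDB's own tooling): dev CA + server cert with openssl.
# File names follow the page; the CA subject and the SAN list are assumptions.
set -eu

make_dev_certs() (   # usage: make_dev_certs DIR [SAN-list]
  dir=$1; san=${2:-DNS:localhost,IP:127.0.0.1}
  umask 077          # private keys are written unencrypted: keep them owner-only
  mkdir -p "$dir" && cd "$dir" || exit 1
  cat > openssl.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF
  # 1. Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config openssl.cnf \
    -extensions v3_ca -subj "/CN=typedb-encryption-test-ca" \
    -keyout root-ca.key -out root-ca.crt 2>/dev/null || exit 1
  # 2. Key + CSR for the server, then 3. the CA signs it with the leaf extensions.
  openssl req -new -newkey rsa:2048 -nodes -config openssl.cnf \
    -subj "/CN=typedb-encryption-test-cert" \
    -keyout internal-cert.key -out internal-cert.csr 2>/dev/null || exit 1
  openssl x509 -req -in internal-cert.csr -days 30 -CA root-ca.crt \
    -CAkey root-ca.key -CAcreateserial -extfile openssl.cnf \
    -extensions v3_leaf -out internal-cert.crt 2>/dev/null
)

check_dev_certs() (  # usage: check_dev_certs DIR HOSTNAME
  cd "$1" || exit 1
  # Chain, server-auth purpose and hostname (SAN) are checked in one call.
  openssl verify -CAfile root-ca.crt -purpose sslserver \
    -verify_hostname "$2" internal-cert.crt >/dev/null 2>&1 || exit 1
  # The certificate must carry the public key of internal-cert.key.
  [ "$(openssl x509 -in internal-cert.crt -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in internal-cert.key -pubout | openssl sha256)" ]
)

out=$(mktemp -d)
make_dev_certs "$out"
check_dev_certs "$out" localhost && echo "verified: $out/internal-cert.crt"
```

Running check_dev_certs against a hostname that is not in the SAN list fails, which is the same rejection a TLS client performs when it connects to the server under a name the certificate does not cover.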

Production environment

For a production environment, it is recommended to configure TypeDB with certificates issued by a trusted CA such as Let's Encrypt, Cloudflare or Verisign.