Sign inTry Free

Getting Started

On this page

The certification matrix below shows the latest versions tested for SingleStore and CTE/VTE:

Certification Matrix

Versions

CTE

6.3.1, 7.1

SingleStore

7.1.x, 7.3.x, 7.5.x or later

Certified OS

RHEL/CentOS 6 or 7 (version 7 is preferred), Debian 8 or 9 (version 9 is preferred)

Note: This document assumes you already have a working SingleStore cluster.

Before you begin configuring SingleStore to work with CTE, ensure you have the Vormetric Data Security Manager (DSM) installed and configured. Refer to the DSM Installation and Configuration Guide available on the Thales Support Portal.

When using CTE, you must use a kernel supported by Thales. Contact your Thales representative for a list of supported kernel versions. The CTE/OS compatibility matrix is available to Thales customers via their web portal.

Warning

The default AWS Linux kernel for Ubuntu is not supported with CTE. See Appendix A for instructions on how to prepare an Ubuntu AWS instance.

Notes on Product Naming

From release 7.0.0 and onward, the VTE (Vormetric Transparent Encryption) Agent is rebranded to CTE (CipherTrust Transparent Encryption). For the purposes of this document, the terms are interchangeable.

The Thales DSM’s CTE counterpart is the CipherTrust Manager (CM). The documentation for CM deployment is publicly available: https://www.thalesdocs.com/ctp/cte/Books/Online-Files/index.html

CTE and VTE agents can be registered to either DSM or CM; however, the steps outlined below are specific to the DSM.

Process Overview

The process of protecting your data with CTE has two main components: installing and configuring CTE and your SingleStore cluster, and configuring which files are protected. Accordingly, this document is split into the following major sections:

Last modified: April 26, 2023

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK