Sign inTry Free

Security

Warning

SingleStore 9.0 gives you the opportunity to preview, evaluate, and provide feedback on new and upcoming features prior to their general availability. In the interim, SingleStore 8.9 is recommended for production workloads, which can later be upgraded to SingleStore 9.0.

This section provides the following database security-related information.

    Authentication: This topic covers SingleStore user configuration and authentication, including:

  • Password-based authentication.

  • Passwordless third-party user authentication with SAML 2.0 and Kerberos.

  • Authentication via pluggable authentication module (PAM).

  • Troubleshooting steps for common authentication-related issues.

  • Connection Links to store data source connection details.

  • General account security implementations, such as password policy, password resets, account lockout policy, host-based security, and file access restrictions.

Administration: This topic covers database security administration, such as role-based access control (RBAC) and row-level security (RLS) deployment. It also provides information about synchronizing user permissions across the SingleStore cluster.

Audit Logging: This topic discusses how SingleStore logs all database activities and writes the generated logs to an external location. It covers how to set up audit logging at different logging levels, audit log file formats supported, schemas for log file entries, common troubleshooting tips, and disabling audit logging.

Encryption: This section provides information about SingleStore's support for secure connections over SSL. It demonstrates how to generate SSL certificates, configure SingleStore server for secure client and intra-cluster connections, and mandate SSL connection between the server and clients.

In this section

Last modified: January 22, 2025

Was this article helpful?

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK