SSL/TLS Settings For ybtools

The following client tools support Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption:

ybload
ybunload
ybbackup, ybrestore

Note: ybsql also supports SSL/TLS but with different options. See ybsql Connections.

These tools provide the following security options:

--secured: require SSL, which has the default SSLMODE of require root ca verification
When --secured is set, SSL/TLS encryption is used to secure all communication. The default setting is not secured; no encryption is used.
--cacert: supply a custom root ca bundle for trusting the cert installed under Yellowbrick
Note that this is not a server cert to be used in two-way trust.
--disable-trust: do not require root cert verification
--disable-trust is significant because it turns off the SSL/TLS root CA certification, not SSL/TLS. The bulk data tools require root CA certification by default. However, ybsql and many client tools do not require root CA certification.

Note: When SSL-only mode is enabled, you do not need to use the --secured option in ybtools commands. However, the behavior described here for the --cacert and --disable-trust options still applies.

See Opening Network Ports for Clients for a list of the port numbers that the client tools use for data control and data transfer. The ybtools data transfer ports will remain unencrypted if the --secured option is not set or SSL-only mode is not enabled.

Parent topic:Client Tools and Drivers

Setting Up Encryption

Creating an Alert Endpoint

LDAP Authentication

Synchronizing Users and Groups

Loading from Amazon S3

Loading from Azure Blob Storage

Creating Resource Pools

Creating Rules

Subqueries

ENCRYPT_KS

SQL Operators and Pattern Matching Functions

Regular Expression Details

SSL/TLS Settings For ybtools ​

SSL/TLS Settings For ybtools