
Security

Encryption

TLS 1.3 for all connections. Optional mTLS for service-to-service authentication. Data encrypted at rest via Parquet files stored with S3 server-side encryption (SSE).

Authentication

JWT/OIDC (Okta, Auth0, Azure AD, Google), API keys with rotation, and mTLS client certificates.

Authorization

RBAC with 5 built-in roles: admin, writer, reader, analyst, monitor. Namespace isolation for multi-tenancy.

Audit

All authentication events, queries, and admin actions logged. Structured JSON format for SIEM integration.


Standard        Status
SOC 2 Type II   Ready (audit logging, RBAC, encryption)
MiFID II        Ready (trade audit trail, access controls)
GDPR            Namespace isolation, data deletion support
PCI DSS         TLS 1.3, access controls, audit logging

Encryption
  • TLS 1.3 on all endpoints (HTTP, Arrow Flight, cluster RPC)
  • mTLS for cluster-internal communication
  • Configurable cipher suites and certificate rotation

Authentication
  • JWT/OIDC with automatic token validation and refresh
  • API key management with creation, rotation, and revocation
  • Multi-factor via OIDC provider delegation

Authorization
  • Role-Based Access Control (RBAC) with 5 roles
  • Per-namespace permissions for multi-tenant deployments
  • Query-level access control (table/column restrictions)

Rate limiting
  • Per-user and per-role rate limits
  • Configurable burst and sustained rates
  • Automatic throttling with informative error responses

Audit logging
  • All auth events (login, logout, failed attempts)
  • All queries with user attribution
  • Admin actions (role changes, key management)
  • Structured JSON format, compatible with Splunk/ELK/Datadog
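The audit stream described above (auth events with failed attempts, queries with user attribution, admin actions, newline-delimited JSON) is what a SIEM rule consumes. The following is an added example, not ZeptoDB's own code or its documented log schema: the field names (`ts`, `event`, `user`, `outcome`, `src_ip`, `target`, `role`) and the sample events are constructed for illustration. It parses the stream, tolerates malformed lines, flags users whose failed logins exceed a threshold inside a sliding time window, and summarises query and admin activity per user.

```python
"""Consume newline-delimited JSON audit events and flag repeated failed logins.

Added example with a hypothetical event schema; field names are assumptions,
not ZeptoDB's documented format.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events (hypothetical schema). One deliberately malformed
# line shows that a single bad record must not stop ingestion.
SAMPLE_AUDIT_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "event": "auth.login", "user": "alice", "outcome": "success", "src_ip": "10.0.0.5"}
{"ts": "2024-05-01T09:00:10Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2024-05-01T09:00:20Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2024-05-01T09:00:30Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2024-05-01T09:00:40Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2024-05-01T09:00:50Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
{"ts": "2024-05-01T09:01:00Z", "event": "query", "user": "alice", "sql": "SELECT count(*) FROM trades", "namespace": "desk-a"}
{"ts": "2024-05-01T09:02:00Z", "event": "admin.role_change", "user": "alice", "target": "carol", "role": "admin"}
{"ts": "2024-05-01T09:20:00Z", "event": "auth.login", "user": "bob", "outcome": "failure", "src_ip": "10.0.0.9"}
this line is not json
"""


def parse_events(text):
    """Parse one JSON object per line; return (events, malformed_line_count).

    Timestamps are converted to timezone-aware datetimes so window arithmetic
    is unambiguous. Lines that are not JSON or lack a usable 'ts' are counted
    and skipped rather than aborting the whole batch.
    """
    events, malformed = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
                tzinfo=timezone.utc
            )
        except (ValueError, KeyError, TypeError):
            malformed += 1
            continue
        events.append(ev)
    return events, malformed


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=5)):
    """Return {user: max_failures_in_any_window} for users at or above threshold.

    For each user, the failure timestamps are sorted and, for every failure as
    a window start, the failures inside [start, start + window] are counted.
    """
    failures = defaultdict(list)
    for ev in events:
        if ev.get("event") == "auth.login" and ev.get("outcome") == "failure":
            failures[ev.get("user", "<unknown>")].append(ev["ts"])

    flagged = {}
    for user, stamps in failures.items():
        stamps.sort()
        best = max(sum(1 for t in stamps if s <= t <= s + window) for s in stamps)
        if best >= threshold:
            flagged[user] = best
    return flagged


def user_attribution(events):
    """Count queries and admin actions per user from the attributed events."""
    summary = defaultdict(lambda: {"queries": 0, "admin_actions": 0})
    for ev in events:
        kind = str(ev.get("event", ""))
        if kind == "query":
            summary[ev.get("user", "<unknown>")]["queries"] += 1
        elif kind.startswith("admin."):
            summary[ev.get("user", "<unknown>")]["admin_actions"] += 1
    return dict(summary)


if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE_AUDIT_LOG)
    print(f"parsed {len(evs)} events, skipped {bad} malformed line(s)")
    print("failed-login bursts:", failed_login_bursts(evs))
    print("per-user activity:", user_attribution(evs))
```

The sliding window is what makes the rule useful: five failures spread over a day are normal, five within forty seconds are not, and the 09:20 failure in the sample falls outside the window and does not inflate the count. Malformed lines are counted separately so a parser failure is itself visible to the operator rather than silently dropping coverage.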

Found a security issue? Please report it responsibly:

📧 security@zeptodb.com (placeholder)

We aim to acknowledge reports within 48 hours and provide a fix timeline within 5 business days.


For detailed configuration, see the Security Operations Guide and SSO Integration Guide.