Security and Compliance

On-Platform Security

  • Encryption at Rest in S3

    Source data, Tables and Materialized Views are isolated by customer and encrypted at rest in S3.

  • Tenant Isolation

    Materialize Cloud isolates each customer's infrastructure using strict network access control policies and container sandboxing.

  • Audit Events

    Materialize provides a system table, `mz_audit_events`, which records create, alter, and drop events for objects in the system catalog.

  • RBAC: User-Level Privileges

    SQL RBAC (Role-Based Access Control) allows fine-grained tuning of access privileges by user and role.

SOC 2 Type 2 Compliant

Streaming Connection Security

Postgres Connection Security

  • SSH Tunnel with Bastion Host

    Create a secure connection with Materialize-generated Ed25519 keys to keep your database from being exposed to the public internet.

  • TLS Encryption

    Keep network traffic between Materialize and your database encrypted with standard Postgres SSL options.

  • Secure Passwords

    The SECRET object allows you to protect a password from accidental exposure in Materialize.

  • Static IPs for IP Allowlisting

    All outbound traffic from Materialize Cloud originates from a fixed set of IPs that you can allowlist in your environment.

Kafka Connection Security

  • SSL and SASL Authentication

    Materialize currently supports SSL- or SASL-encrypted connections for the Broker and Registry.

  • Secure Keys

    The SECRET object allows you to protect certificates, passwords and keys from accidental exposure in Materialize.

  • Static IPs for Allowlisting

    All outbound traffic from Materialize Cloud originates from a fixed set of IPs that you can allowlist in your environment.

  • AWS PrivateLink

    AWS PrivateLink is available for participating enterprise customers.
