kubectl logs apigee-cassandra-2 -n apigee -f
INFO 00:44:36 Starting listening for CQL clients on /10.0.2.12:9042 (encrypted)...
INFO 00:44:36 Binding thrift service to /10.0.2.12:9160
INFO 00:44:36 enabling encrypted thrift connections between client and server
INFO 00:44:36 Listening for thrift clients...
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-08-21 (世界標準時間)。"],[[["\u003cp\u003eApigee hybrid uses Cassandra as its backend datastore, and TLS encryption is enabled by default for all communication between Cassandra nodes and clients to ensure data security.\u003c/p\u003e\n"],["\u003cp\u003eClient communication with Cassandra requires authentication, utilizing four different users: DML, DDL, Admin, and a default user, each with specific roles and default passwords.\u003c/p\u003e\n"],["\u003cp\u003eYou can change the default passwords for Cassandra users in the \u003ccode\u003eoverrides.yaml\u003c/code\u003e file by updating the configuration and applying the change to your cluster, ensuring all usernames are in lowercase.\u003c/p\u003e\n"],["\u003cp\u003eCassandra logs indicate that client connections are encrypted, confirming the successful implementation of secure communication between clients and the Cassandra server.\u003c/p\u003e\n"],["\u003cp\u003eThere is an outdated version warning at the top of this page for the user to upgrade to a newer version of the documentation for Apigee hybrid, and the specific version is 1.1, considered end of life.\u003c/p\u003e\n"]]],[],null,["# Configuring TLS for Cassandra\n\n| You are currently viewing version 1.1 of the Apigee hybrid documentation. **This version is end of life.** You should upgrade to a newer version. For more information, see [Supported versions](/apigee/docs/hybrid/supported-platforms#supported-versions).\n\nHow to configure TLS for Cassandra in the runtime plane\n-------------------------------------------------------\n\n\nCassandra provides secure communication between a client machine and a database\ncluster and between nodes within a cluster. Enabling encryption ensures that data\nin flight is not compromised and is transferred securely. In Apigee hybrid, TLS is\nenabled by default for any communication between Cassandra nodes and between clients and\nCassandra nodes.\n\nAbout Cassandra user authentication\n-----------------------------------\n\n\nThe hybrid platform uses Cassandra as the backend datastore for runtime\nplane data. By default, any of the client communications to Cassandra\nrequires authentication. There are three users used by clients that communicate\nwith Cassandra. Default passwords are provided for these users, and you are not\nrequired to change them.\n\nThese users,\nincluding a default user, are described below:\n\n- **DML User**: Used by the client communication to read and write data to Cassandra (KMS, KVM, Cahce and Quota).\n- **DDL User:** Used by MART for any of the data definition tasks like keyspace creation, update, and deletion.\n- **Admin User:** Used for any administrative activities performed on cassandra cluster.\n- **Default Cassandra user:** Cassandra creates a default user when Authentication is enabled and the username is `cassandra`\n\nChanging the default passwords\n------------------------------\n\n\nApigee hybrid provides default passwords for the Cassandra users. If you want to change\nthe default user passwords, you can do so in the\n`overrides.yaml` file. Add the following configuration, change the default\npasswords (\"iloveapis123\") as you wish, and apply the change to\nyour cluster.\n\n\nAll the usernames must be in lowercase. \n\n```actionscript-3\ncassandra:\n auth:\n default: ## the password for the new default user (static username: cassandra)\n password: \"iloveapis123\"\n admin: ## the password for the admin user (static username: admin_user)\n password: \"iloveapis123\"\n ddl: ## the password for the DDL User (static username: ddl_user)\n password: \"iloveapis123\"\n dml: ## the password for the DML User (static username: dml_user)\n password: \"iloveapis123\"\n```\n\n\nNote the following:\n\n- Certificate Authority (CA) rotation is not supported.\n- A server certificate which is generated with passphrase is not supported.\n\nCheck the Cassandra logs\n------------------------\n\n\nCheck the logs as soon as the Cassandra starts up. The log below shows you that the\nCassandra client connections are encrypted. \n\n```\nkubectl logs apigee-cassandra-2 -n apigee -f\n\nINFO 00:44:36 Starting listening for CQL clients on /10.0.2.12:9042 (encrypted)...\nINFO 00:44:36 Binding thrift service to /10.0.2.12:9160\nINFO 00:44:36 enabling encrypted thrift connections between client and server\nINFO 00:44:36 Listening for thrift clients...\n```"]]
