SurrealDB

Security is foundational to any modern database - and a key concern for architects, engineering leaders, and enterprise buyers.

SurrealDB has been designed from the ground up with security in mind. It provides robust authentication options, fine-grained access control, encryption in transit, and extensive auditing features. ​

For the latest certifications, policies, and security updates, visit the <a href="https://trust.surrealdb.com/" rel="nofollow noopener noreferrer" target="_blank">SurrealDB Trust Centre</a>. ​

This article details the security architecture of SurrealDB and provides guidance on how to deploy it safely in production - whether you are handling sensitive PII, operating in a regulated industry, or simply building secure applications.

___________________________________________________________

Supports SurrealDB-native users and password-based authentication.

Supports OAuth 2.0, OpenID Connect, SAML, and LDAP for integration with corporate identity providers.

Extensible via application-level JWTs or external identity proxies.

Define granular read, write, and delete permissions per role, per resource 

Manage access to data and schema via roles and user groups.

SurrealDB namespaces and databases allow strong separation of tenant data in SaaS architectures.

Supports strong encryption for data persisted on disk or cloud storage.

All communication can be secured with TLS to prevent eavesdropping and MITM attacks.

Record sensitive operations and changes for compliance tracking and forensic investigation.

Integrates with modern observability stacks - capture metrics on query performance, slow queries, and operational status.

Compatible with popular log collection and SIEM tools.

For the latest details, visit the <a href="https://trust.surrealdb.com/" rel="nofollow noopener noreferrer" target="_blank">SurrealDB Trust Centre</a>.

GDPR: Fully compatible with GDPR requirements for data privacy and control.

ISO 27001: The SurrealDB company is ISO 27001 certified for information security management.

SOC 2 Type 1: Achieved. SOC 2 Type 2, Cyber Essentials Plus and HIPAA certifications are all in progress.

Regulatory Use Cases: Designed to meet the needs of companies in financial services, healthcare, and other regulated industries.

- GDPR: Fully compatible with GDPR requirements for data privacy and control.
- ISO 27001: The SurrealDB company is ISO 27001 certified for information security management.
- SOC 2 Type 1: Achieved. SOC 2 Type 2, Cyber Essentials Plus and HIPAA certifications are all in progress.
- Regulatory Use Cases: Designed to meet the needs of companies in financial services, healthcare, and other regulated industries.

Deploy SurrealDB behind a secure reverse proxy with proper TLS termination.

Enforce authentication for all database connections - avoid anonymous access in production.

Use namespaces and databases to enforce logical separation of multi-tenant data.

Apply least-privilege principles with RBAC and per-query permission rules.

Continuously monitor audit logs and metrics for anomalous behaviour.

- Deploy SurrealDB behind a secure reverse proxy with proper TLS termination.
- Enforce authentication for all database connections - avoid anonymous access in production.
- Use namespaces and databases to enforce logical separation of multi-tenant data.
- Apply least-privilege principles with RBAC and per-query permission rules.
- Continuously monitor audit logs and metrics for anomalous behaviour.

<a href="" rel="nofollow noopener noreferrer" target="_blank">SurrealDB Trust Centre</a>

<a href="https://surrealdb.com/docs/surrealdb/security" rel="nofollow noopener noreferrer" target="_blank">Security docs overview</a>

<a href="https://surrealdb.com/docs/surrealdb/reference-guide/security-best-practices" rel="nofollow noopener noreferrer" target="_blank">Security best practices</a>

- <a href="" rel="nofollow noopener noreferrer" target="_blank">SurrealDB Trust Centre</a>
- <a href="https://surrealdb.com/docs/surrealdb/security" rel="nofollow noopener noreferrer" target="_blank">Security docs overview</a>
- <a href="https://surrealdb.com/docs/surrealdb/reference-guide/security-best-practices" rel="nofollow noopener noreferrer" target="_blank">Security best practices</a>

How SurrealDB supports enterprise-grade security and compliance - architecture, certifications, best practices, and the Trust Centre

Security and compliance

Copyright © SurrealDB Ltd. Registered in England and Wales. Company no. 13615201 ​Registered address: 3rd Floor 1 Ashley Road, Altrincham, Cheshire, WA14 2DT, United Kingdom ​Trading address: Huckletree Oxford Circus, 213 Oxford Street, London, W1D 2LG, United Kingdom

Docs

Home

Surreal Cloud

Releases

Surrealist

Pricing

Enterprise

Database

Trust Centre

Case studies

Status

Legal

Company

Products

Resources

Community

Learn

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

No tickets created by you

Try using different keywords or checking for typos.

No tickets found

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

Tickets

No access to tickets portal

English

url(https://downloads.intercomcdn.com/i/o/xaac4vhr/717397/462ed4450df4d5064ec1e2de2bd1/0ff7637660f9f47189b6ff7b3db6a76a.png)

Security and compliance

Overview

Authentication and identity

Built-in authentication

Enterprise identity integration

Custom authentication

Authorisation and access control

Fine-grained table and field permissions

Role-based access control (RBAC)

Multi-tenant isolation

Encryption

Data at rest

Data in transit

Audit and monitoring

Audit logging

Observability

Third-party monitoring

Compliance and certifications

Security best practices for deployment

Learn more