Managing InfluxDB security
This page documents an earlier version of InfluxDB. InfluxDB v2.7 is the latest stable version.
Some customers may choose to install InfluxDB with public internet access, however doing so can inadvertently expose your data and invite unwelcome attacks on your database.
If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user.
Check out the sections below for how protect the data in your InfluxDB instance.
Enabling authentication
Password protect your InfluxDB instance to keep any unauthorized individuals from accessing your data.
Resources: Set up Authentication
Managing users and permissions
Restrict access by creating individual users and assigning them relevant read and/or write permissions.
Resources: User Types and Privileges, User Management Commands
Enabling HTTPS
Using HTTPS secures the communication between clients and the InfluxDB server, and, in some cases, HTTPS verifies the authenticity of the InfluxDB server to clients (bi-directional authentication).
Resources: Enabling HTTPS
Securing your host
Ports
If you’re only running InfluxDB, close all ports on the host except for port 8086.
You can also use a proxy to port 8086.
InfluxDB uses port 8088 for remote backups and restores.
We highly recommend closing that port and, if performing a remote backup,
giving specific permission only to the remote machine.
AWS recommendations
We recommend implementing on-disk encryption; InfluxDB does not offer built-in support to encrypt the data.
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for InfluxDB and this documentation. To find support, use the following resources:
InfluxDB Cloud and InfluxDB Enterprise customers can contact InfluxData Support.