MySQL Secure Deployment Guide  /  Transparent Data Encryption (TDE) and MySQL Keyring

Appendix A Transparent Data Encryption (TDE) and MySQL Keyring

MySQL Server supports Transparent Data Encryption (TDE), which protects critical data by enabling data-at-rest encryption. Data-at-rest encryption is supported by the MySQL Keyring feature, which provides plugin-based support for key management solutions such as:

  • Oracle Key Vault

  • Gemalto SafeNet KeySecure Appliance

  • Thales Vormetric Key Management Server

  • Fornetix Key Orchestration

  • Amazon Web Services Key Management Service

For information about the MySQL Keyring feature and supported plugins, see The MySQL Keyring.

After a keyring plugin is installed and configured, encryption can be enabled for:

Encryption is also supported for backups. See Encryption for Backups, and Working with Encrypted InnoDB Tablespaces.