Appendix A Transparent Data Encryption (TDE) and MySQL Keyring

MySQL Server supports Transparent Data Encryption (TDE), which protects critical data by enabling data-at-rest encryption. Data-at-rest encryption is supported by the MySQL Keyring feature, which provides plugin-based support for key management solutions such as:

  • Oracle Key Vault

  • Gemalto SafeNet KeySecure Appliance

  • Thales Vormetric Key Management Server

  • Fornetix Key Orchestration

  • Amazon Web Services Key Management Service

  • HashiCorp Vault

For information about the MySQL Keyring feature and supported plugins, see The MySQL Keyring.

After a keyring plugin is installed and configured, encryption can be enabled for:

  • File-per-table tablespaces

  • General tablespaces

  • The mysql system tablespace

  • Redo logs

  • Undo logs

For more information, see InnoDB Data-at-Rest Encryption.

Encryption is also supported for: