MySQL Server supports Transparent Data Encryption (TDE), which protects critical data by enabling data-at-rest encryption. Data-at-rest encryption is supported by the MySQL Keyring feature, which provides plugin-based support for key management solutions such as:
Oracle Key Vault
Gemalto SafeNet KeySecure Appliance
Thales Vormetric Key Management Server
Fornetix Key Orchestration
Amazon Web Services Key Management Service
HashiCorp Vault
For information about the MySQL Keyring feature and supported plugins, see The MySQL Keyring.
After a keyring plugin is installed and configured, encryption can be enabled for:
File-per-table tablespaces
General tablespaces
The mysql system tablespace
Redo logs
Undo logs
For more information, see InnoDB Data-at-Rest Encryption.
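The statements below are an added example, not part of the original documentation. They enable encryption for each item in the list above and then audit what is still unencrypted. They assume MySQL 8.0.16 or later with a keyring plugin already loaded; the schema, table and tablespace names (app, customers, ts_secure) are hypothetical.

```sql
-- Added example. The names app.customers and ts_secure are hypothetical.
-- Assumes MySQL 8.0.16 or later with a keyring plugin already installed.

-- 1. Confirm that a keyring plugin is ACTIVE before enabling encryption.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. File-per-table tablespace: encrypt an existing table in place.
ALTER TABLE app.customers ENCRYPTION = 'Y';

-- 3. General tablespace: create it encrypted from the start.
CREATE TABLESPACE ts_secure ADD DATAFILE 'ts_secure.ibd' ENCRYPTION = 'Y';

-- 4. The mysql system tablespace (holds the data dictionary).
ALTER TABLESPACE mysql ENCRYPTION = 'Y';

-- 5. Redo and undo logs. Only pages written after the change are
--    encrypted; pages already on disk stay as they were.
SET PERSIST innodb_redo_log_encrypt = ON;
SET PERSIST innodb_undo_log_encrypt = ON;

-- 6. Audit: list every InnoDB tablespace that is still unencrypted.
SELECT NAME, SPACE_TYPE, ENCRYPTION
  FROM INFORMATION_SCHEMA.INNODB_TABLESPACES
 WHERE COALESCE(ENCRYPTION, 'N') <> 'Y'
 ORDER BY NAME;

-- 7. Audit: confirm the log encryption settings took effect.
SELECT @@GLOBAL.innodb_redo_log_encrypt AS redo_log_encrypt,
       @@GLOBAL.innodb_undo_log_encrypt AS undo_log_encrypt;
```

An empty result from step 6 means every InnoDB tablespace reports ENCRYPTION = 'Y'. Rerun it after schema changes, because new tables are created unencrypted unless encryption is requested or set as the default.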
Encryption is also supported for:
Binary log files and relay log files. See Encrypting Binary Log Files and Relay Log Files.
Audit log files. See Encrypting Audit Log Files.
Backups. See Encryption for Backups, and Working with Encrypted InnoDB Tablespaces.