MySQL Secure Deployment Guide  /  Transparent Data Encryption (TDE)

Appendix A Transparent Data Encryption (TDE)

MySQL Server supports Transparent Data Encryption (TDE), which protects critical data by enabling data-at-rest encryption. Data-at-rest encryption is supported by the MySQL Keyring feature, which is plugin-based. For information about the MySQL Keyring feature and keyring plugins, see The MySQL Keyring.

After a keyring plugin is installed and configured, encryption can be enabled for:

  • File-per-table tablespaces

  • General tablespaces

  • The mysql system tablespace

  • Redo logs

  • Undo logs

For more information, see InnoDB Data-at-Rest Encryption.

Encryption is also supported for: