Overview

MariaDB Enterprise Server and MariaDB Community Server support data-at-rest encryption, which secures data on the file system. The server and storage engines encrypt data before writing and decrypt it during reads, ensuring that the data is only unencrypted when accessed directly through the server.

Encryption Plugins

Storage Engine Encryption

Replication Cache Encryption

Additional information is available on the page.

When to Use the AWS KMS Encryption Plugin?

The AWS KMS Encryption Plugin (aws_key_management) allows you to:

• Use to manage MariaDB's encryption keys.

Overview

MariaDB Enterprise Server and MariaDB Community Server support , which secures data on the file system. The server and storage engines encrypt data before writes and decrypt it during reads, ensuring that the data is only unencrypted when accessed directly through the server.

In many versions of MariaDB Server, the GCache used by Galera Cluster does not support data-at-rest encryption.

However, MariaDB Enterprise Server 10.4 and later support an enterprise version of Galera 4, which adds support for encrypting the GCache.

In those versions, the GCache supports the following data-at-rest encryption features:

• The GCache can be automatically encrypted.

For more information, see the following resources:

Overview

MariaDB Enterprise Server and MariaDB Community Server support , which secures data on the file system. The server and storage engines encrypt data before writing and decrypt during reads, ensuring that the data is only unencrypted when accessed directly through the server.

They support multiple encryption plugins, which are suited for different use cases.