Encrypting Galera Cluster's GCache

Overview

MariaDB Enterprise Server and MariaDB Community Server supports data-at-rest encryption, which secures data on the file system. The server and storage engines encrypt data before writes and decrypts during reads, ensuring that the data is only unencrypted when accessed directly through the server.

In many versions of MariaDB Server, the GCache used by Galera Cluster does not support data-at-rest encryption.

However, MariaDB Enterprise Server 10.4 and later support an enterprise version of Galera 4, which adds support for encrypting the GCache.

In those versions, the GCache supports the following data-at-rest encryption features:

  • The GCache can be automatically encrypted.

For more information, see the following resources: