Encrypting InnoDB Data

Overview

MariaDB Enterprise Server and MariaDB Community Server supports data-at-rest encryption, which secures data on the file system. The server and storage engines encrypt data before writes and decrypts during reads, ensuring that the data is only unencrypted when accessed directly through the server.

InnoDB supports the following data-at-rest encryption features:

  • All tables can be automatically encrypted.

  • Specific tables can be manually encrypted.

  • The InnoDB redo log can be encrypted.

  • Different tables can be encrypted using different encryption keys.

  • Key rotation is supported.

  • Background encryption threads perform encryption operations.

  • Information schema tables provide details about which tables are encrypted, and what background encryption operations are currently being performed.

Additional information is available on the MariaDB Knowledge Base.