# Data-at-Rest Encryption - [Data-at-Rest Encryption (TDE) Fundamentals](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/data-at-rest-encryption-tde-fundamentals.md) - [Managing Binary Log Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/managing-binary-log-encryption.md) - [Aria Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption.md): Learn about Aria encryption in MariaDB Server for data at rest. This section details how to encrypt Aria tablespaces, providing enhanced security for your stored data. - [Aria: Encryption Overview](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption/aria-encryption-overview.md): Introduction to encrypting Aria tables, covering the necessary system variables (aria\_encrypt\_tables, encrypt\_tmp\_disk\_tables) and how to verify encryption status by inspecting data files. - [Aria: Enabling Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption/aria-enabling-encryption.md): Step-by-step guide to enabling encryption for user-created and internal temporary Aria tables, including the requirement to manually rebuild existing tables using ALTER TABLE. - [Aria: Encryption Keys](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption/aria-encryption-keys.md): Details how Aria manages encryption keys (using ID 1 for user tables and ID 2 for temporary tables) and notes limitations regarding key rotation and per-table key assignment. - [Aria: Disabling Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption/aria-disabling-encryption.md): Instructions for safely disabling encryption on Aria tables, emphasizing the need to rebuild tables to an unencrypted state before removing key management plugins. - [InnoDB Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption.md): Learn about InnoDB encryption for data at rest. This section details how to encrypt InnoDB tablespaces, ensuring strong data security and compliance for your mission-critical applications. - [InnoDB: Encryption Overview](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-encryption-overview.md): Introduction to InnoDB's encryption architecture, explaining how data is encrypted/decrypted during disk I/O, the role of the buffer pool (where data is unencrypted), and how to verify encryption stat - [InnoDB: Enabling Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-enabling-encryption.md): Step-by-step guide to enabling encryption for InnoDB, covering the configuration of innodb\_encrypt\_tables for automatic encryption and the use of ENCRYPTED=YES table options for per-table encryption. - [InnoDB: Encryption Keys](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-encryption-keys.md): How InnoDB manages encryption keys using 32-bit integer IDs, including the default key ID (innodb\_default\_encryption\_key\_id), assigning specific keys to tables, and the process of key rotation. - [InnoDB: Disabling Encryption](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/disabling-innodb-encryption.md): Instructions for safely disabling encryption on InnoDB tables, emphasizing the critical need to decrypt all tablespaces and redo logs using background threads or ALTER TABLE. - [InnoDB: Background Encryption Threads](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-background-encryption-threads.md): Details the operation of background threads (configured via innodb\_encryption\_threads) which handle key rotation, and the encryption/decryption of tablespaces when global settings. - [InnoDB: Encryption Troubleshooting](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-encryption-troubleshooting.md): Solutions for common issues such as Error 1005 (Wrong create options) when configuring encryption, and handling cases where encryption key IDs are set for unencrypted tables. - [Key Management and Encryption Plugins](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins.md): Explore key management and encryption plugins for MariaDB Server. This section details how to manage encryption keys and leverage plugins for robust data-at-rest protection. - [Encryption Key Management](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/encryption-key-management.md): Overview of key management in MariaDB, discussing the need for plugins to manage encryption keys, support for multiple keys (ID 1 for system, ID 2 for temp), and key rotation capabilities. - [File Key Management Encryption Plugin](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/file-key-management-encryption-plugin.md): Details the File Key Management plugin, which reads encryption keys from a plain-text (or encrypted) file, serving as a simple solution or reference implementation for data-at-rest encryption. - [AWS Key Management Encryption Plugin](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/aws-key-management-encryption-plugin.md): Introduction to the AWS Key Management plugin, which uses Amazon KMS to generate and store master keys, decrypting them at startup to enable data-at-rest encryption with key rotation support. - [Amazon Web Services (AWS) Key Management Service (KMS) Encryption Plugin Advanced Usage](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/aws-key-management-encryption-plugin-advanced-usage.md): Step-by-step tutorial for setting up the AWS KMS plugin, covering the creation of a Customer Master Key (CMK) in AWS, configuring IAM roles for EC2, and installing the plugin from source. - [Amazon Web Services (AWS) Key Management Service (KMS) Encryption Plugin Setup Guide](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/aws-key-management-encryption-plugin-setup-guide.md): Advanced configuration guide for the AWS KMS plugin, detailing how to secure key access using IAM policies, restrict usage by IP address, and implement Multi-Factor Authentication (MFA). - [Hashicorp Key Management Plugin](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/hashicorp-key-management-plugin.md): Guide to using the HashiCorp Key Management plugin, which integrates MariaDB with HashiCorp Vault for centralized, secure key storage and lifecycle management. - [Uninstall Key Management Plugins](https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/uninstall-key-management-plugins.md): Final step of removing key management plugins from the configuration once all data and logs have been confirmed as unencrypted. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.