# Aria: Encryption Overview

MariaDB can encrypt data in tables that use the [Aria storage engine](/docs/server/server-usage/storage-engines/aria.md). This includes both user-created tables and internal on-disk temporary tables that use the Aria storage engine. This ensures that your Aria data is only accessible through MariaDB.

For encryption with the InnoDB and XtraDB storage engines, see [Encrypting Data for InnoDB/XtraDB](/docs/server/security/encryption/data-at-rest-encryption/innodb-encryption/innodb-encryption-overview.md).

## Basic Configuration

In order to enable encryption for tables using the [Aria storage engine](/docs/server/server-usage/storage-engines/aria.md), there are a couple server system variables that you need to set and configure. Most users will want to set [aria\_encrypt\_tables](/docs/server/server-usage/storage-engines/aria/aria-system-variables.md#aria_encrypt_tables) and [encrypt\_tmp\_disk\_tables](/docs/server/server-management/variables-and-modes/server-system-variables.md#encrypt_tmp_disk_tables).

Users of data-at-rest encryption will also need to have a [key management and encryption plugin](/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/encryption-key-management.md) configured. Some examples are [File Key Management Plugin](/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/file-key-management-encryption-plugin.md) and [AWS Key Management Plugin](/docs/server/security/encryption/data-at-rest-encryption/key-management-and-encryption-plugins/aws-key-management-encryption-plugin.md).

```ini
[mariadb]
# File Key Management
plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/encryption/keyfile.enc
file_key_management_filekey = FILE:/etc/mysql/encryption/keyfile.key
file_key_management_encryption_algorithm = AES_CTR

# Aria Encryption
aria_encrypt_tables=ON
encrypt_tmp_disk_tables=ON
```

## Determining Whether a Table is Encrypted

The [InnoDB storage engine](/docs/server/server-usage/storage-engines/innodb.md) has the [information\_schema.INNODB\_TABLESPACES\_ENCRYPTION table](/docs/server/reference/system-tables/information-schema/information-schema-tables/information-schema-innodb-tables/information-schema-innodb_tablespaces_encryption-table.md) that can be used to get information about which tables are encrypted. Aria does not currently have anything like that (see [MDEV-17324](https://jira.mariadb.org/browse/MDEV-17324) about that).

To determine whether an Aria table is encrypted, you currently have to search the data file for some plain text that you know is in the data.

For example, let's say that we have the following table:

```sql
SELECT * FROM db1.aria_tab LIMIT 1;
+----+------+
| id | str  |
+----+------+
|  1 | str1 |
+----+------+
1 row IN SET (0.00 sec
```

Then, we could search the data file that belongs to `db1.aria_tab` for `str1` using a command-line tool, such as [strings](https://linux.die.net/man/1/strings):

```bash
$ sudo strings /var/lib/mysql/db1/aria_tab.MAD | grep "str1"
str1
```

If you can find the plain text of the string, then you know that the table is not encrypted.

## Encryption and the Aria Log

Only Aria tables are currently encrypted. The [Aria log](/docs/server/server-usage/storage-engines/aria/aria-faq.md#differences-between-aria-and-myisam) is not yet encrypted. See [MDEV-8587](https://jira.mariadb.org/browse/MDEV-8587).

<sub>*This page is licensed: CC BY-SA / Gnu FDL*</sub>

{% @marketo/form formId="4316" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://mariadb.com/docs/server/security/encryption/data-at-rest-encryption/aria-encryption/aria-encryption-overview.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.