MariaDB can encrypt data stored in Aria. This include both Aria tables and Aria on-disk temporary tables. This ensures that your Aria data is only accessible through MariaDB.

For encryption with the InnoDB and XtraDB storage engines, see Encrypting Data for InnoDB/XtraDB.

Table Encryption

When working with tables that use the Aria storage engine, you can enable data-at-rest encryption only for those tables that have the ROW_FORMAT table option set to PAGE, (which is the default). Encryption is not available on tables where the format is set to DYNAMIC or FIXED.

Enabling encryption of Aria tables is done using the aria_encrypt_tables Aria system variable. When set, all PAGE formatted tables are encrypted.

# vi /etc/my.cnf

aria_encrypt_tables = ON

MariaDB then encrypts all tables using the Aria storage engine and the appropriate row format.

Temporary Table Encryption

When using the MEMORY storage engine, MariaDB attempts to store all of your data in memory. The maximum size of table data cannot exceed the value given to the max_heap_table_size system variable. When it does, MariaDB writes the data to disk as a temporary table using the Aria storage engine.

Encryption for these temporary tables is handled separately, using the encrypt_tmp_disk_tables server system variable.

# vi /etc/my.cnf

encrypt_tmp_disk_tables = ON

MariaDB then creates and uses a random encryption key for every new temporary table.


Comments loading...