Delete data after encryption or decryption
After you encrypt your table, a new row of encrypted data is added, but the original data still exists in plaintext. Likewise, after decrypting your data, the ciphertext remains on the table. We strongly recommend you to remove this data.
Deleting old data after encryption removes the plaintext from the columns you have encrypted. The columns are set to NULL. If the column is not nullable, the values in the column are assigned a different value depending on the database and data type.
The following table shows what values are assigned to non-nullable columns during data encryption.
| Data Type | Value |
|---|---|
| CHAR | “ ” (empty string) |
| VARCHAR | “ ” (empty string) |
| All others | 0 |
Prerequisite
The pdbctl utility must be installed. Refer to pdbctl utility documents for details.
Steps
To delete old data after encryption or decryption, run the following command:
Flags description
The following table describes the flags and parameters associated with this command:
| Flag | Data Type | Description |
|---|---|---|
| -b | int | Batch size. Default value is 1000. This is an optional parameter. |
| -a | string | Database alias associated with the database user. |
| -h | Flag to view help for delolddata command. | |
| -t | string | Table name that contains old data. |
| -- verbose | Print verbose logs. |
Example
The following sample command deletes old data for the table CUSTOMERS.
The output shows the status of the operation:
