MySQL supports transparent data encryption, which provides data-at-rest encryption for physical tablespace data files. This feature uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys. When a table is encrypted, a tablespace key is encrypted and stored in the tablespace header. When an application user wants to access the encrypted tablespace data, a master encryption key is used to decrypt the tablespace key. When integrated with CipherTrust Manager, the master encryption key resides on CipherTrust Manager.
Supported Product Versions
- CipherTrust Manager 2.3 and higher
- MySQL 8.0.27 and higher
- Red Hat Enterprise Linux 7
Ensure that the CipherTrust Manager is installed and configured. For more details, refer to the CipherTrust Manager documentation for details.
Ensure that the KMIP interface is configured on the CipherTrust Manager. MySQL communicates with the CipherTrust Manager using the KMIP interface. Refer to the CipherTrust Manager documentation for details.
IP address of the CipherTrust Manager and port of the KMIP interface are accessible from MySQL.
Ensure that KMIP client is registered. CipherTrust Manager recognizes only registered KMIP clients. Refer to KMIP Client Registration for details.