Question

I am looking to perform real-time I/O encryption and decryption on a MySQL 5.6 database. I have a few questions to understand Transparent Data Encryption (TDE). Note: I am using Alibaba Cloud.

  1. Can I activate / deactivate TDE at any time?
  2. Is there any key / certificate required for encryption / decryption?
  3. Is there any effect on server memory / CPU usage?

I appreciate any assistance with this.

Solution

Transparent Data Encryption (TDE) can be used to perform real-time I/O encryption and decryption on instance data files. To increase data security, you can enable TDE to encrypt instance data. Data is encrypted before it is written to disk and decrypted when it is read from disk. TDE does not:

  - Increase the size of the data file.
  - Require developers to make any code changes to use TDE.

Alibaba Cloud ApsaraDB for RDS fully supports TDE for MySQL. In this article, we will look at setting up TDE for MySQL on Alibaba Cloud.

Note: TDE is currently only applicable to SQL Server 2008 R2 and MySQL 5.6. To view or modify TDE settings, you need to log in with an Alibaba Cloud account rather than a RAM account.

Setting Up TDE on ApsaraDB for RDS

To enable TDE on Alibaba Cloud:

Go to the RDS Management Console and select the appropriate RDS instance. Under Security Control, on the TDE tab, you will find the option to enable TDE.

This feature will allow encryption of data while at rest. The encryption of data while in transit is still the responsibility of the user and is outside the purview of this document.

Encrypting Tables

Log in to the database and execute the following command to encrypt the table to be encrypted.

alter table <table_name> engine=innodb block_format=encrypted;

Decrypting Tables

If you want to decrypt the TDE encrypted table, execute the following command.

alter table <table_name> engine=innodb block_format=default;

You can find detailed TDE documentation here
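The per-table commands above, scaled to a whole schema, as an added example that is not part of the original answer or of Alibaba Cloud's documentation. It queries the standard MySQL `information_schema.TABLES` view to generate the encrypt and decrypt statements for review before anything is run; the schema name `appdb` is a placeholder assumption.

```sql
-- Added example. Assumption: `appdb` is a placeholder schema name;
-- replace it with your own schema.
--
-- Produces, for every InnoDB base table in the schema, the statement that
-- encrypts it and the statement that reverts it, using the ALTER TABLE
-- syntax given in the answer. Nothing is altered by this query itself:
-- review the generated statements, then run the ones you want.
--
-- Tables on other engines are excluded on purpose: ENGINE=InnoDB in the
-- ALTER would convert them to InnoDB as a side effect.
-- Size is listed because ALTER TABLE ... ENGINE=InnoDB rebuilds the table
-- in stock MySQL, so larger tables take longer; smallest tables come first.
SELECT
    t.TABLE_NAME,
    ROUND((t.DATA_LENGTH + t.INDEX_LENGTH) / 1024 / 1024, 1) AS size_mb,
    CONCAT(
        'ALTER TABLE `', REPLACE(t.TABLE_SCHEMA, '`', '``'), '`.`',
        REPLACE(t.TABLE_NAME, '`', '``'),
        '` ENGINE=InnoDB BLOCK_FORMAT=ENCRYPTED;'
    ) AS encrypt_stmt,
    CONCAT(
        'ALTER TABLE `', REPLACE(t.TABLE_SCHEMA, '`', '``'), '`.`',
        REPLACE(t.TABLE_NAME, '`', '``'),
        '` ENGINE=InnoDB BLOCK_FORMAT=DEFAULT;'
    ) AS decrypt_stmt
FROM information_schema.TABLES AS t
WHERE t.TABLE_SCHEMA = 'appdb'          -- placeholder schema name
  AND t.TABLE_TYPE   = 'BASE TABLE'     -- skip views
  AND t.ENGINE       = 'InnoDB'         -- skip MyISAM, MEMORY, etc.
ORDER BY (t.DATA_LENGTH + t.INDEX_LENGTH) ASC;
```

The `REPLACE(..., '`', '``')` calls escape backticks inside identifiers so that an unusual table name cannot break out of the quoted identifier in the generated statement.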

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange