MySQL Enterprise Transparent Data Encryption (TDE)

仅在部分商业版中提供

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including:

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • General Data Protection Regulation (GDPR)
  • California Consumer Protection Act (CCPA)
  • And more
MySQL Enterprise Transparent Data Encryption (TDE)

MySQL Enterprise Transparent Data Encryption (TDE)

Data at Rest Encryption

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physical files of the database. Data is encrypted automatically, in real time, prior to writing to storage and decrypted when read from storage. As a result, hackers and malicious users are unable to read sensitive data directly from database files. MySQL Enterprise TDE uses industry standard AES algorithms.

File encryption coverage:

Encryption Key Management and Rotation

MySQL Enterprise TDE uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys providing easy key management and rotation. Tablespace keys are managed automatically over secure protocols while the master encryption key is stored in a centralized key management solution such as:

Oasis KMIP protocol implementations:

MySQL Enterprise TDE also supports HTTPS based APIs for Key Management such as:

MySQL enforces clear separation of keys from encrypted data using these centralized key management solutions automate key rotation and storing historical keys.

Transparent Protection

Database table encryption and decryption occurs without any additional coding, data type or schema modifications. Also, users and applications continue to access data transparently, without changes. MySQL Enterprise TDE gives developers and DBAs the flexibility to encrypt/decrypt existing MySQL tables that have not already been encrypted.

High Performance

MySQL Enterprise TDE leverages database caching to achieve high performance and requires zero downtime to implement.