I want to enable Transparent Data encryption (TDE) on MySQL. I don't mind if the entire db is encrypted (as opposed to a few columns or rows or tables). I am using this for a study, so I am looking for something that is open and free. I found zNcrypt but it's a commercial product. They are essentially using eCryptfs which is open-source, but couldn't find a way to rightly configure it for MySQL. Any pointers on using eCryptfs with MySQL or any other solution for enabling TDE with MySQL would be very helpful. Thanks!
How can I use transparent data encryption with MySQL?
Asked Answered
I see this question is relatively old, but just in case:
eCryptfs can be considered a filesystem, so, you should just need to mount it, and then point your MySQL datadir to the mounted directory. The only drawback is that it doesn't seems to support O_DIRECT, but I don't think MySQL uses it, does it?
Ildefonso, it's always okay to answer older questions if they have not been adequately answered before ... it helps anyone else who comes across it, so thank you for contributing. –
Fpc
Thanks @ildefonso-camargo, that's what I ended up doing. Since I was just experimenting, the setup worked fine for me. I am not entirely sure, if there are more subtleties involved for someone who wants to use it on production. MySQL InnoDB uses O_DIRECT if you set it to. See
innodb_flush_method –
Schematism @rahul yes, same goes for PostgreSQL. I would suggest using LUKS instead of eCryptfs in that case, also, it also seems to have better performance after running several tests, I think I should blog about these tests...... –
Fortin
© 2022 - 2024 — McMap. All rights reserved.