We just released our first alpha of Percona XtraBackup 2.1 for MySQL and with it we included the ability to encrypt backups on the fly (full documentation here). This feature is different than simply piping the backup stream through the openssl or gpg binaries, which is what some people have used in the past. A big benefit of using the built-in encryption is that multiple CPU cores can be used for encryption (with the --encrypt-threads option). You can also combine compression and encryption, each using multiple CPU cores.
One advantage of encrypting your backups is it means you can place less trust in the place where you store your backups. Our databases hold a variety of information, some of which is rather sensitive and should be kept private. One attack vector for an adversary gaining access to all of your data is via a backup.
By using Percona XtraBackup encryption your data is private by design rather than private by placing trust in your mysql backup storage provider. This is especially an issue if you are using cloud storage to store your backups but also applies to simple off-site backups.
Percona XtraBackup 2.1.0-alpha1 supports industry standard AES encryption and we use an existing software library (libgcrypt) to do the heavy lifting so we are in no way re-inventing the wheel. You can download it here for free.
Resources
RELATED POSTS
“We just released our first alpha of Percona XtraBackup for MySQL 2.1”
Is anybody even still using MySQL 2.1?
Or do you actually mean “We just released our first alpha of Percona XtraBackup 2.1 for MySQL” which would make more sense.
Just thinking about how google is going to index your page. You product sounds pretty cool, especially with the multi-core encrypt threads.
Hi Michael, that’s a good catch. I’ll edit that for clarity on Stewart’s behalf because he’s out today.