Encrypting File-Per-Table Tablespace

An file-per-table tablespace stores the table data and the indexes for a single InnoDB table. In this tablespace configuration, each table is stored in an .ibd file.

The architecture for data at rest encryption for file-per-table tablespace has two tiers:

  • Master key
  • Tablespace keys.

The keyring plugin must be installed and enabled. The file_per_table tablespace inherits the schema default encryption setting,unless you explicitly define encryption in the CREATE TABLE statement.

An example of the CREATE TABLE statement:

mysql> CREATE TABLE sample (id INT, mytext varchar(255)) ENCRYPTION='Y';

An example of an ALTER TABLE statement.


Without the ENCRYPTION option in the ALTER TABLE statement, the table’s encryption state does not change. An encrypted table remains encrypted. An unencrypted table remains unencrypted.

See also

MySQL Documentation: - File-Per-Table Encryption

Contact Us

For free technical help, visit the Percona Community Forum.
To report bugs or submit feature requests, open a JIRA ticket.
For paid support and managed or professional services, contact Percona Sales.