Encrypting File-Per-Table Tablespace

A file-per-table tablespace stores the table data and the indexes for a single InnoDB table. In this tablespace configuration, each table is stored in its own .ibd file.

The architecture for data at rest encryption for file-per-table tablespace has two tiers:

  • Master key
  • Tablespace keys

The keyring plugin must be installed and enabled. The file-per-table tablespace inherits the schema default encryption setting, unless you explicitly define encryption in the CREATE TABLE statement.

An example of the CREATE TABLE statement:

mysql> CREATE TABLE sample (id INT, mytext varchar(255)) ENCRYPTION='Y';

An example of the ALTER TABLE statement:

mysql> ALTER TABLE ... ENCRYPTION='Y';

Without the ENCRYPTION option in the ALTER TABLE statement, the table’s encryption state does not change. An encrypted table remains encrypted. An unencrypted table remains unencrypted.
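
The following statements are an added example, not part of the original documentation. They show a table inheriting the schema default, an explicit ENCRYPTION clause, and an ALTER TABLE without the option, then read the resulting state from INFORMATION_SCHEMA. The schema and table names (encdemo, plaindemo, t_inherited, t_explicit, t_plain) are constructed for illustration, and the example assumes a keyring is loaded, innodb_file_per_table is ON, and the server supports schema default encryption.

```sql
-- Added example; all schema and table names are constructed for illustration.
-- Assumes a loaded keyring and innodb_file_per_table=ON.

-- Schema whose tables are encrypted by default.
CREATE SCHEMA encdemo DEFAULT ENCRYPTION='Y';
-- Schema whose tables are unencrypted by default.
CREATE SCHEMA plaindemo DEFAULT ENCRYPTION='N';

-- No ENCRYPTION clause: the table inherits the default of encdemo.
CREATE TABLE encdemo.t_inherited (id INT, mytext VARCHAR(255));

-- Explicit clause: takes precedence over the default of plaindemo.
CREATE TABLE plaindemo.t_explicit (id INT, mytext VARCHAR(255)) ENCRYPTION='Y';

-- No clause in plaindemo: the table inherits the unencrypted default.
CREATE TABLE plaindemo.t_plain (id INT, mytext VARCHAR(255));

-- ALTER TABLE without ENCRYPTION does not change the encryption state.
ALTER TABLE encdemo.t_inherited ADD COLUMN note VARCHAR(64);
ALTER TABLE plaindemo.t_plain ADD COLUMN note VARCHAR(64);

-- Check the schema defaults.
SELECT SCHEMA_NAME, DEFAULT_ENCRYPTION
  FROM INFORMATION_SCHEMA.SCHEMATA
 WHERE SCHEMA_NAME IN ('encdemo', 'plaindemo');

-- Check the state of each .ibd tablespace created above.
SELECT NAME, SPACE_TYPE, ENCRYPTION
  FROM INFORMATION_SCHEMA.INNODB_TABLESPACES
 WHERE NAME LIKE 'encdemo/%' OR NAME LIKE 'plaindemo/%';

-- Audit query: file-per-table tablespaces that are still unencrypted.
SELECT NAME
  FROM INFORMATION_SCHEMA.INNODB_TABLESPACES
 WHERE SPACE_TYPE = 'Single' AND ENCRYPTION = 'N';
```

The last query is the one to run periodically: any table created in a schema without a default of 'Y' and without an explicit ENCRYPTION clause appears in its result.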

See also

MySQL Documentation: File-Per-Table Encryption
