Encrypting Percona XtraDB Cluster (PXC)

Wednesday 3:20 PM - 4:10 PM

@ Wallstreet 3


50 minutes conference


Case Studies/Use cases, Operations

The purpose of the talk is to present how to enable SSL and data-at-rest encryption and to how SSL and data-at-rest encryption work in under-the-hood of Percona XtraDB Cluster. The presentation will cover a process of making Percona XtraDB Cluster (PXC) secure.
- A configuration of Client-Server Traffic encryption. Is there any difference between C-S encryption in PXC and PS?
- A configuration of replication encryption (SST, IST). How does it work under-the-hood?
- How to make things more comfortable with the pxc-encrypt-cluster-traffic variable.
- PXC data-at-rest encryption. How does it work? How to configure it?
Is there any part of data that is unencrypted? Yes.
- Temporary files encryption.
- Binlog encryption. Possible or not?
- keyring_file. Is useful? How to make it profitable?
- keyring_vault. How does it work?
- Is Mix-match keyring plugins possible? Yes, but useful only when transitioning from keyring_file.
- What is happening in SST when data-at-rest is enabled?
- Performance overhead.


Iwo Panowicz

Iwo Panowicz (Percona)

Senior Support Enigneer


Iwo is a Percona Support Engineer (EMEA) since August 2017.

Prior to joining Percona Iwo was a System Administrator for more than 10 years with a focus on high availability, performance and automation. He also was helping many companies in designing infrastructure and ha/failover solutions.

Connect with Percona

Stay Connected on:

Percona Live Conferences

The Percona Live Open Source Database Conferences are the premier event for the diverse and active open source database community, as well as businesses that develop and use open source database software.

Contact Us

For general information about the event/expo/conference, including registration, please contact us at:

  • info(@) percona.com
  • +1-888-401-3401
  • +1-919-948-2863