MySQL Workbench is a versatile visual tool for database design, SQL development, and server administration. It offers advanced data modeling, query building, and MySQL-specific features for easier management of MySQL databases. This section demonstrates the following tasks:Documentation Index
Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
Use this file to discover all available pages before exploring further.
- Connect to your MySQL Server from MySQL Workbench.
- Use MySQL Workbench to create a new database table with Transparent Data Encryption (TDE) enabled. This generates an AES-256 key on the CryptoHub that serves as the master encryption key for MySQL TDE.
- Insert example data into the table and list the contents to verify that the data is decrypted transparently.
- Confirm that you can successfully rotate the master encryption key stored on the CryptoHub.
Connect to MySQL Server
Perform the following steps to connect to your MySQL Server instance using MySQL Workbench:In the Setup New Connection window, input the details of your MySQL server connection.
| Option | Description or required configuration |
|---|---|
| Connection Name | A label for your reference. |
| Connection Method | Typically, select Standard (TCP/IP) to connect to a standard MySQL server. Other methods, such as TCP/IP over SSH or a local socket or pipes for local connections, are available. |
| Hostname | The IP address or domain name of the MySQL server you’re connecting to. You can use localhost if your MySQL server is on the same machine as your MySQL Workbench. |
| Port | The port number that the MySQL server is listening on. The default MySQL port is 3306. |
| Username | The username you use to authenticate with the MySQL server. |
| Password | If your account requires a password, select [ Store in Vault… ] to enter and save your password |
After you enter the preceding details, select [ Test Connection ] to ensure that your settings are correct and that MySQL Workbench can reach the MySQL server.
Create a database table
Perform the following steps to create a new database table with TDE enabled:Insert data into the table
Perform the following steps to insert example data into the table:Verify the data
Perform the following steps to verify that the data decrypts transparently:
From the user perspective, Transparent Data Encryption (TDE) use is truly transparent: data is automatically decrypted when you select it, and you won’t see any difference compared to unencrypted data. TDE is about securing data at rest—that is, the data files on disk are encrypted. When data is read from disk into memory, the MySQL server automatically decrypts it. When data is written back to disk, it’s automatically encrypted. So, as a user, you won’t see any difference between encrypted and unencrypted data when you’re querying it. The encryption doesn’t affect the data itself; it just affects how it is stored on disk. The purpose of TDE is to protect data if someone gets unauthorized access to the raw database files on the disk.
Rotate the key
Perform the following steps to rotate the TDE master key:
The key rotation process doesn’t re-encrypt existing data with the new key—it just uses the new key for new encryptions. You must retain the old versions of the key as long as data that was encrypted with them exists.