MySQL Enterprise TDE
This document provides instructions for integrating MySQL Enterprise TDE with the Futurex KMES Series 3 through KMIP. For additional questions about your KMES Series 3 device, refer to the KMES Series 3 user guide.

Overview of MySQL Enterprise

MySQL Enterprise Edition, offered by Oracle Corporation as part of the Oracle Enterprise portfolio, is a commercial version of MySQL, an open-source relational database management system. MySQL Enterprise includes the core MySQL Server along with additional enterprise-grade features, tools, and services that provide enhanced performance, security, and uptime compared to the Community Edition. It serves businesses that want to use MySQL as part of their IT infrastructure but require additional features (such as transparent data encryption (TDE)) or support levels that the Community Edition doesn't provide.

Key components of MySQL Enterprise Edition include the following products:

- MySQL Enterprise Server
- MySQL Enterprise Backup
- MySQL Enterprise Monitor
- MySQL Enterprise Security
- MySQL Enterprise Scalability
- MySQL Enterprise Authentication
- MySQL Enterprise Firewall
- MySQL Enterprise Audit
- MySQL Enterprise High Availability
- MySQL Router
- MySQL Workbench
- MySQL Technical Support

KMIP

Key Management Interoperability Protocol (KMIP) is an extensible communication protocol that defines message formats for manipulating cryptographic keys on a key management server. This facilitates data encryption by simplifying encryption key management. You can create keys on a server and then retrieve them, possibly wrapped by other keys. It supports both symmetric and asymmetric keys and certificate signing. KMIP also enables clients to ask a server to encrypt or decrypt data, without needing direct access to the key.

Transparent data encryption in MySQL Enterprise

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physical files of the database. It encrypts data automatically, in real time, before writing to storage and decrypts it when reading from storage. As a result, hackers and malicious users cannot read sensitive data directly from database files. MySQL Enterprise TDE uses industry-standard AES algorithms.

MySQL Enterprise TDE includes the following file encryption coverage:

- File-per-table tablespace encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-data-encryption-enabling-disabling
- General tablespace encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-general-tablespace-encryption-enabling-disabling
- Doublewrite file encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-doublewrite-file-encryption
- MySQL system tablespace encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-mysql-tablespace-encryption-enabling-disabling
- Redo log encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-data-encryption-redo-log
- Undo log encryption: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-data-encryption-undo-log
- Binary log and relay log encryption: https://dev.mysql.com/doc/refman/8.0/en/replication-binlog-encryption.html
- Audit log encryption: https://dev.mysql.com/doc/mysql-security-excerpt/5.7/en/audit-log-logging-configuration.html#audit-log-file-encryption

Encryption key management and rotation

MySQL Enterprise TDE uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys, providing easy key management and rotation. You can manage tablespace keys automatically over secure protocols and store the master encryption key in a centralized key management solution (such as the KMES Series 3). By integrating with an external key management system, MySQL enforces a clear separation of keys from encrypted data.

Transparent protection

Database table encryption and decryption occur without any additional coding, data type, or schema modifications. Also, users and applications continue to access data transparently, without changes. MySQL Enterprise TDE gives developers and DBAs the flexibility to encrypt and decrypt tables and access MySQL tables that are not encrypted.

Integration overview

This guide covers the following tasks:

- Configure TLS certificates for mutual authentication
- Create a role and identity on the KMES Series 3 for MySQL
- Install the keyring_okv KMIP plugin on MySQL Enterprise
- Enable and test TDE in MySQL Workbench

The following sections show you how to perform these tasks.
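
The two-tier key hierarchy described under "Encryption key management and rotation", as an added sketch that is not Futurex or Oracle code: a master key held by the key manager wraps a per-tablespace key, so rotating the master key rewrites only the wrapped key in the header and leaves the data pages as they are. The `Tablespace` class, the `seal`/`unseal` helpers and the HMAC-based stand-in cipher are assumptions for illustration; MySQL Enterprise TDE itself uses AES.

```python
import hmac
import secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream, stdlib only); real TDE uses AES.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), "sha256").digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:  # encrypt-then-MAC, derived subkeys
    enc_key = hmac.new(key, b"enc", "sha256").digest()
    mac_key = hmac.new(key, b"mac", "sha256").digest()
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, "sha256").digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key = hmac.new(key, b"enc", "sha256").digest()
    mac_key = hmac.new(key, b"mac", "sha256").digest()
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, "sha256").digest()):
        raise ValueError("wrong key or modified data")
    return _xor_stream(enc_key, body[:16], body[16:])

class Tablespace:  # hypothetical model of one encrypted tablespace file
    def __init__(self, master_key: bytes, rows: bytes):
        tablespace_key = secrets.token_bytes(32)
        self.header = seal(master_key, tablespace_key)  # tier 1 wraps tier 2
        self.pages = seal(tablespace_key, rows)         # tier 2 encrypts data

    def read(self, master_key: bytes) -> bytes:
        return unseal(unseal(master_key, self.header), self.pages)

    def rotate_master(self, old: bytes, new: bytes) -> None:
        self.header = seal(new, unseal(old, self.header))  # pages untouched

def rotation_demo():
    old, new = secrets.token_bytes(32), secrets.token_bytes(32)  # held by the KMS
    ts = Tablespace(old, b"constructed sample row")
    pages_before = ts.pages
    ts.rotate_master(old, new)
    old_key_works = True
    try:
        ts.read(old)
    except ValueError:
        old_key_works = False
    return ts.read(new), ts.pages == pages_before, old_key_works
```

`rotation_demo()` returns the decrypted row, whether the data pages were left byte-for-byte unchanged by the rotation, and whether the retired master key can still open the tablespace.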