7

I want to enable Transparent Data Encryption (TDE) on MySQL. I don't mind if the entire db is encrypted (as opposed to a few columns or rows or tables). I am using this for a study, so I am looking for something that is open and free. I found zNcrypt, but it's a commercial product. They are essentially using eCryptfs, which is open-source, but I couldn't find a way to configure it properly for MySQL. Any pointers on using eCryptfs with MySQL or any other solution for enabling TDE with MySQL would be very helpful. Thanks!

Rahul

1 Answer

4

I see this question is relatively old, but just in case:

eCryptfs can be considered a filesystem, so you should just need to mount it and then point your MySQL datadir to the mounted directory. The only drawback is that it doesn't seem to support O_DIRECT, but I don't think MySQL uses it, does it?

Jean-François Corbett
  • Ildefonso, it's always okay to answer older questions if they have not been adequately answered before ... it helps anyone else who comes across it, so thank you for contributing. – David Ravetti Feb 02 '13 at 22:33
  • Thanks @ildefonso-camargo, that's what I ended up doing. Since I was just experimenting, the setup worked fine for me. I am not entirely sure if there are more subtleties involved for someone who wants to use it in production. MySQL InnoDB uses O_DIRECT if you set it to. See [`innodb_flush_method`](http://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html#sysvar_innodb_flush_method) – Rahul Feb 04 '13 at 09:28
  • @rahul yes, the same goes for PostgreSQL. I would suggest using LUKS instead of eCryptfs in that case; it also seems to have better performance after running several tests. I think I should blog about these tests... – Ildefonso Camargo Jul 10 '13 at 17:04
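
A check for the setup discussed in this thread, as an added example that is not part of the original posts: it confirms that the `datadir` from `my.cnf` really sits on an eCryptfs mount and flags an `innodb_flush_method` that requests O_DIRECT, the combination the answer and comments warn about. The sample mount table, the sample `my.cnf`, the `/var/lib/mysql` fallback and the function names are assumptions constructed for illustration.

```python
import configparser
import os

# Constructed sample inputs (not taken from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/srv/mysql-enc /var/lib/mysql ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0
"""
SAMPLE_MY_CNF = """\
[mysqld]
datadir = /var/lib/mysql
innodb_flush_method = O_DIRECT
"""

def fs_for_path(path, mounts_text):
    """Return (mountpoint, fstype) of the deepest mount containing path.
    mounts_text uses the /proc/mounts layout; a later entry wins on a tie,
    which matches stacked mounts on the same directory."""
    best = ("", "")
    path = os.path.normpath(path)
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mnt, fstype = os.path.normpath(fields[1]), fields[2]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and len(mnt) >= len(best[0]):
            best = (mnt, fstype)
    return best

def audit(my_cnf_text, mounts_text):
    """Return a list of findings for the [mysqld] section of my.cnf."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    # Drop !include/!includedir directives, which configparser cannot parse.
    lines = [l for l in my_cnf_text.splitlines() if not l.lstrip().startswith("!")]
    cp.read_string("\n".join(lines))
    mysqld = cp["mysqld"] if cp.has_section("mysqld") else {}
    datadir = mysqld.get("datadir", "/var/lib/mysql")  # fallback path is an assumption
    flush = (mysqld.get("innodb_flush_method") or mysqld.get("innodb-flush-method") or "").upper()
    mnt, fstype = fs_for_path(datadir, mounts_text)
    findings = []
    if fstype != "ecryptfs":
        findings.append(f"datadir {datadir} is on {fstype or 'unknown'} ({mnt}), not ecryptfs")
    elif flush.startswith("O_DIRECT"):
        findings.append(f"innodb_flush_method={flush} requests O_DIRECT on ecryptfs")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MY_CNF, SAMPLE_MOUNTS):
        print("WARN:", finding)
```

On a live host, pass the contents of `/proc/mounts` and the server's actual option file instead of the constructed samples.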