Does TiDB support encryption and decryption for a specific column?

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: TiDB支持某一列加密解密吗?

| username: Kongdom

[TiDB Usage Environment] Production Environment
[TiDB Version] v6.5.3
Due to business requirements, it is necessary to encrypt and decrypt certain sensitive data in the database, such as ID numbers. We want the data stored in the table to be encrypted, and it would be best if encryption and decryption could be done within the database.

Is this currently possible?

| username: 啦啦啦啦啦 | Original post link

Take a look at the encode() and decode() functions, but it’s best to let the program handle it.

| username: Kongdom | Original post link

If done through a program, you can only decrypt it through the program, which will be a bit troublesome when generating reports.

| username: 啦啦啦啦啦 | Original post link

I just tried it and it should work, but the field type needs to be varbinary.
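The approach in the reply above, as an added example that is not part of the original thread: a VARBINARY column holding ciphertext written with ENCODE() and read back with DECODE(), and, going beyond the thread, the same column pattern with AES_ENCRYPT()/AES_DECRYPT(). The table, column names, passphrase and ID value are constructed for illustration.

```sql
-- Added example: constructed table, passphrase and ID value (not from the thread).
CREATE TABLE customer (
    id        BIGINT PRIMARY KEY,
    name      VARCHAR(64),
    id_enc    VARBINARY(255),  -- ENCODE() output is binary, hence VARBINARY
    id_aes    VARBINARY(255),  -- AES ciphertext, padded to a multiple of 16 bytes
    id_aes_iv BINARY(16)       -- per-row initialization vector for CBC mode
);

-- Assumption: the application supplies the secret per session;
-- it is never stored in a table next to the data it protects.
SET @pass = 'constructed-sample-passphrase';

-- 1) ENCODE()/DECODE(), the functions named in the reply.
INSERT INTO customer (id, name, id_enc)
VALUES (1, 'sample user', ENCODE('SAMPLE-ID-0001', @pass));

SELECT id, name,
       CAST(DECODE(id_enc, @pass) AS CHAR) AS id_number
FROM customer
WHERE id = 1;

-- 2) AES_ENCRYPT()/AES_DECRYPT() on the same kind of column.
--    ENCODE()/DECODE() were deprecated in MySQL 5.7 and removed in MySQL 8.0.
SET block_encryption_mode = 'aes-256-cbc';  -- session scope; CBC requires an IV
SET @key = UNHEX(SHA2(@pass, 256));         -- fixed-length 32-byte key from the passphrase
SET @iv  = RANDOM_BYTES(16);                -- fresh IV for this row

UPDATE customer
SET id_aes    = AES_ENCRYPT('SAMPLE-ID-0001', @key, @iv),
    id_aes_iv = @iv
WHERE id = 1;

-- Decrypt with the same key and the IV stored beside the ciphertext.
SELECT id, name,
       CAST(AES_DECRYPT(id_aes, @key, id_aes_iv) AS CHAR) AS id_number
FROM customer
WHERE id = 1;

-- Without the key, a reader with SELECT on the table sees only ciphertext.
SELECT id, name, HEX(id_aes) AS ciphertext_hex
FROM customer
WHERE id = 1;
```

Because the key travels in the SQL text, anyone who can read the statements or who holds the key can decrypt the column, so the key has to stay with the application for this to separate the data from people with database access.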

| username: zhanggame1 | Original post link

These two should work, encrypting and decrypting strings.

| username: 啦啦啦啦啦 | Original post link

It should be possible, the usage is the same.

| username: zhanggame1 | Original post link

By the end of the year, the version should include:

  • Database-level encryption
    Support for configuring database-level static encryption

| username: Kongdom | Original post link

Uh… We don’t need database-level encryption, we need targeted data encryption.

| username: cassblanca | Original post link

Encrypting individual columns to protect sensitive information is very important. However, encrypting a database in a private deployment may not be very meaningful and could potentially reduce performance. On the other hand, supporting database encryption in public cloud can provide advanced services such as cross-cluster and cross-account data sharing, thereby enhancing security.

| username: Kongdom | Original post link

Private deployment encryption is mainly for internal use, to prevent certain individuals with access to the database from seeing the data.

| username: 像风一样的男子 | Original post link

Database encryption is to prevent operations and DBAs from leaking user privacy.

| username: RenlySir | Original post link

We need to support it. XC has this requirement, EAL encryption.

| username: Kongdom | Original post link

:clap: :clap: :clap:
