Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: TiDB支持某一列加密解密吗?
[TiDB Usage Environment] Production Environment
[TiDB Version] v6.5.3
Due to business requirements, it is necessary to encrypt and decrypt certain sensitive data in the database, such as ID numbers. We want the data stored in the table to be encrypted, and it would be best if encryption and decryption could be done within the database.
Is this currently possible?
Take a look at the encode() and decode() functions, but it’s best to let the program handle it.
If done through a program, you can only decrypt it through the program, which will be a bit troublesome when generating reports.
I just tried it and it should work, but the field type needs to be varbinary.

These two should work, encrypting and decrypting strings.
It should be possible, the usage is the same.
By the end of the year, the version should include:
- Database-level encryption
Support for configuring database-level static encryption
Uh… We don’t need database-level encryption, we need targeted data encryption.
Encrypting individual columns to protect sensitive information is very important. However, encrypting a database in a private deployment may not be very meaningful and could potentially reduce performance. On the other hand, supporting database encryption in public cloud can provide advanced services such as cross-cluster and cross-account data sharing, thereby enhancing security.
Private deployment encryption is mainly for internal use, to prevent certain individuals with access to the database from seeing the data.
Database encryption is to prevent operations and DBAs from leaking user privacy.
We need to support it. XC has this requirement, EAL encryption.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.