MySQL Encryption – Implementing Encryption at Rest on CentOS

centos encryption MySQL

A MySQL database needs to contain highly sensitive data that cannot be left unencrypted at rest. Yet the database needs to remain searchable by an app. What are the options for encryption at rest with MySQL?

I have looked into CryptDB, but it has not been supported since early 2014, and CryptDB also does not integrate with Java naturally. It might be a lot of work to get CryptDB to work with Spring and Eclipse, only to find that it is less and less supported as time passes by. And it seems like other row-level encryption methods are not yet viable, unless someone has suggestions.

So what are the database level encryption options for MySQL? And what are the file system encryption options related to a MySQL database running in CentOS 7?

The MySQL database interacts with a Spring MVC app exclusively.

Note: This is running on a dedicated physical box that ONLY has CentOS 7 installed. So we cannot use any Windows-specific tools.

Best Answer

You have several options:

If you want to encrypt the files containing the database, you have dm-crypt, included in the kernel, to provide that kind of security: https://gitlab.com/cryptsetup/cryptsetup/wikis/DMCrypt

If your app is outside the database machine and you also want to encrypt the communication, you can use the SSL option that is already included in MySQL: https://dev.mysql.com/doc/refman/5.6/en/ssl-connections.html

And you can descend to the application level and cipher data on demand using the encryption functions that MySQL provides, like aes_encrypt: https://dev.mysql.com/doc/refman/5.6/en/encryption-functions.html
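
A sketch of the aes_encrypt option from the last point, showing which searches still work on an encrypted column. This is an added example, not part of the original answer; the table, column names, sample rows and passphrase are constructed placeholders, and it assumes the MySQL 5.6 default `block_encryption_mode` of `aes-128-ecb`.

```sql
-- Constructed schema: one sensitive column stored as ciphertext.
CREATE TABLE patient (
    id      INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    name    VARCHAR(100) NOT NULL,
    -- AES_ENCRYPT returns a binary string padded to a multiple of 16 bytes,
    -- so the column must be VARBINARY/BLOB, not VARCHAR.
    ssn_enc VARBINARY(32) NOT NULL,
    INDEX idx_ssn_enc (ssn_enc)
);

-- The key is supplied by the application for the session and is never stored
-- in the database. The passphrase below is a placeholder.
SET @k = UNHEX(SHA2('constructed-passphrase-replace-me', 512));

INSERT INTO patient (name, ssn_enc) VALUES
    ('Alice Example', AES_ENCRYPT('123-45-6789', @k)),
    ('Bob Example',   AES_ENCRYPT('987-65-4321', @k));

-- Exact-match search: encrypt the search term and compare ciphertexts.
-- This can use idx_ssn_enc because the default ECB mode is deterministic
-- (same plaintext + same key = same ciphertext). The trade-off is that
-- anyone reading the data files can tell which rows share a value.
SELECT id, name
FROM patient
WHERE ssn_enc = AES_ENCRYPT('123-45-6789', @k);

-- Substring/pattern search: every row has to be decrypted first, so no
-- index is used and cost grows with table size.
SELECT id, name
FROM patient
WHERE CAST(AES_DECRYPT(ssn_enc, @k) AS CHAR) LIKE '%6789';

-- Reading the value back for the application.
SELECT id, name, CAST(AES_DECRYPT(ssn_enc, @k) AS CHAR) AS ssn
FROM patient;

-- Caveats for this approach:
--  * Statements carrying the key or the plaintext can be written to the
--    general query log and the statement-based binary log; check both.
--  * Key and plaintext cross the wire, so a remote app should use the SSL
--    connection option as well.
--  * Switching block_encryption_mode to a CBC mode requires an IV argument;
--    with a random IV per row the ciphertext equality search stops working.
```

Column-level encryption like this protects only the chosen columns, so it is typically combined with dm-crypt underneath for the rest of the data directory.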