Managed database encrypted?


I was wondering if I subscribe to managed databases, will the database be encrypted for more security?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.


To add more details on managed database encryption.

Our managed database clusters are encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL.

Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key per each instance and each volume. The key is never re-used and will be trashed at the destruction of the instance, so there’s a natural key rotation with roll-forward upgrades. We use the LUKS default mode aes-xts-plain64:sha256 with a 512-bit key.

Backups are encrypted with a randomly generated key per file. These keys are in turn encrypted with RSA key-encryption key-pair and stored in the header section of each backup segment. The file encryption is performed with AES-256 in CTR mode with HMAC-SHA256 for integrity protection. The RSA key pair is randomly generated for each service. The key lengths are 256-bit for block encryption, 512-bit for integrity protection, and 3072-bits for the RSA key.

Regards, Rajkishore

Just for more context here, the data inside the DB is not encrypted, so if a person is able to log-in to your DB everything will be visible, so its encrypted at rest as stated, in transit (ssl) but not TLE, this would need to be done by you

Hey @gohesther96

The data in the managed MySQL cluster is encrypted at rest with LUKS and in transit with SSL.