What kind of encryption is applied to: 1. data at rest 2. While in transit in Managed databases

Please explain what kind of encryption is applied to: 1. data at rest 2. While in transit, in Managed databases?



Data in MySQL database clusters is encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL. This means all data is unreadable outside of the cluster until sent purposefully.

When you allow inbound sources (such as Droplets, Kubernetes nodes or external IP addresses) to the database, the inbound source is presented with decrypted data when requesting it. All of the data is still encrypted while on our network, so any man in the middle trying to snoop your information will be unable to do so.

Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key for each instance and each volume. The key is never re-used and will be trashed at the destruction of the instance, so there’s a natural key rotation with roll-forward upgrades.

Backups are encrypted with a randomly generated key per file.

Hope that this helps. Regards, Priyanka
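
A client-side check for the in-transit half of the answer above, as an added example that is not part of the original answer or the provider's own code: it audits MySQL connection URIs for the `ssl-mode` the client will actually use, since the server offering SSL does not stop a client from connecting with a weaker mode. The `ssl-mode` query parameter convention, the host name and the URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# MySQL client ssl-mode values and what each one guarantees on the wire.
SSL_MODES = {
    "DISABLED": ("fail", "connection is unencrypted"),
    "PREFERRED": ("fail", "falls back to plaintext if TLS cannot be negotiated"),
    "REQUIRED": ("warn", "encrypted, but the server certificate is not verified"),
    "VERIFY_CA": ("ok", "encrypted, certificate chain checked against the CA"),
    "VERIFY_IDENTITY": ("ok", "encrypted, CA checked, host name matched"),
}
DEFAULT_MODE = "PREFERRED"  # MySQL client default when ssl-mode is not given

# Constructed sample input: placeholder credentials and a non-resolvable host.
SAMPLE_URIS = [
    "mysql://app:PLACEHOLDER@db-example.invalid:25060/defaultdb?ssl-mode=REQUIRED",
    "mysql://app:PLACEHOLDER@db-example.invalid:25060/defaultdb",
    "mysql://app:PLACEHOLDER@db-example.invalid:25060/defaultdb?ssl-mode=verify_identity",
    "mysql://app:PLACEHOLDER@db-example.invalid:25060/defaultdb?ssl-mode=DISABLED",
]


def audit_uri(uri):
    """Return (host, mode, verdict, reason) for one mysql:// connection URI.

    Only the host name is returned, so credentials embedded in the URI
    never reach the audit output.
    """
    parts = urlsplit(uri)
    if parts.scheme != "mysql":
        raise ValueError(f"not a mysql:// URI: scheme {parts.scheme!r}")
    query = {k.lower(): v for k, v in parse_qs(parts.query).items()}
    # If the parameter is repeated, the last occurrence wins in this audit.
    mode = query.get("ssl-mode", [DEFAULT_MODE])[-1].upper()
    if mode not in SSL_MODES:
        return parts.hostname, mode, "fail", "unknown ssl-mode value"
    verdict, reason = SSL_MODES[mode]
    return parts.hostname, mode, verdict, reason


def audit_all(uris):
    """Audit every URI and return only the findings that need attention."""
    results = [audit_uri(u) for u in uris]
    return [r for r in results if r[2] != "ok"]


if __name__ == "__main__":
    for host, mode, verdict, reason in map(audit_uri, SAMPLE_URIS):
        print(f"{verdict.upper():4} {host} ssl-mode={mode}: {reason}")
```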