What kind of encryption is applied to: 1. data at rest 2. While in transit in Managed databases

Posted on October 21, 2021
By Priyanka Malik

Developer Support Engineer

Please explain what kind of encryption is applied to: 1. data at rest 2. While in transit, in Managed databases?




Hello,

Data in MySQL database clusters is encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL. This means all data is unreadable outside of the cluster until sent purposefully.

When you allow inbound sources (such as Droplets, Kubernetes nodes or external IP addresses) to the database, the inbound source is presented with decrypted data when requesting it. All of the data is still encrypted while on our network, so any man in the middle trying to snoop your information will be unable to do so.

Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key per each instance and each volume. The key is never re-used and will be trashed at the destruction of the instance, so there’s a natural key rotation with roll-forward upgrades.

Backups are encrypted with a randomly generated key per file.

Hope that this helps. Regards, Priyanka
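A client-side check for the in-transit half of the answer above, as an added example that is not part of the original post or the provider's code: it audits MySQL connection URIs and flags any that do not explicitly require TLS. The URI layout, host name and credentials are constructed for illustration; the `ssl-mode` values are the MySQL client's own.

```python
from urllib.parse import urlsplit, parse_qs

# MySQL client ssl-mode values, ordered weakest to strongest.
SSL_MODES = ["DISABLED", "PREFERRED", "REQUIRED", "VERIFY_CA", "VERIFY_IDENTITY"]

# Constructed sample URIs (hypothetical host and placeholder credentials).
SAMPLE_URIS = [
    "mysql://app:PLACEHOLDER@db.example.internal:3306/appdb?ssl-mode=REQUIRED",
    "mysql://app:PLACEHOLDER@db.example.internal:3306/appdb",
    "mysql://app:PLACEHOLDER@db.example.internal:3306/appdb?ssl-mode=PREFERRED",
    "mysql://app:PLACEHOLDER@db.example.internal:3306/appdb?ssl-mode=verify_identity",
]


def audit_mysql_uri(uri, minimum="REQUIRED"):
    """Return (ok, reason); ok is True only if ssl-mode is explicit and >= minimum."""
    parts = urlsplit(uri)
    if parts.scheme != "mysql":
        return False, f"unexpected scheme {parts.scheme!r}"
    query = parse_qs(parts.query)
    # Assumption: the URI may spell the option with a dash or an underscore.
    values = query.get("ssl-mode") or query.get("ssl_mode")
    if not values:
        # With no explicit mode the client default is PREFERRED, which can
        # silently fall back to an unencrypted connection.
        return False, "ssl-mode not set (client may fall back to plaintext)"
    mode = values[-1].upper()
    if mode not in SSL_MODES:
        return False, f"unknown ssl-mode {mode!r}"
    if SSL_MODES.index(mode) < SSL_MODES.index(minimum):
        return False, f"ssl-mode {mode} is weaker than {minimum}"
    return True, f"ssl-mode {mode}"


def audit_all(uris, minimum="REQUIRED"):
    """Audit many URIs; report by host only so credentials are never echoed."""
    return [(urlsplit(u).hostname, *audit_mysql_uri(u, minimum)) for u in uris]


if __name__ == "__main__":
    for host, ok, reason in audit_all(SAMPLE_URIS):
        print(f"{'PASS' if ok else 'FAIL'}  {host}: {reason}")
```

Raising `minimum` to `VERIFY_CA` or `VERIFY_IDENTITY` additionally requires the client to validate the server certificate, which is what defeats an active man in the middle rather than only a passive one.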
