What kind of encryption is applied to: 1. data at rest 2. While in transit in Managed databases

Posted October 21, 2021
DigitalOcean Managed PostgreSQL Database, DigitalOcean Managed MySQL Database, DigitalOcean Managed MongoDB Database

Please explain what kind of encryption is applied to: 1. data at rest 2. While in transit, in Managed databases?

1 answer


Data in MySQL database clusters is encrypted at rest with LUKS (Linux Unified Key Setup) and in transit with SSL. This means all data is unreadable outside of the cluster until sent purposefully.

When you allow inbound sources (such as Droplets, Kubernetes nodes or external IP addresses) to the database, the inbound source is presented with decrypted data when requesting it. All of the data is still encrypted while on our network, so any man in the middle trying to snoop your information will be unable to do so.

Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key per each instance and each volume. The key is never re-used and will be trashed at the destruction of the instance, so there’s a natural key rotation with roll-forward upgrades.

Backups are encrypted with a randomly generated key per file.

Hope that this helps.
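
On the client side, encryption in transit holds only if the connection string makes the driver require TLS: libpq defaults to `sslmode=prefer` and MySQL clients to `PREFERRED`, both of which can fall back to plaintext. The following check is an added example, not part of the answer above or DigitalOcean's own code; the `audit_uri` helper and the sample URIs are hypothetical, and the `mysql://` form with `ssl-mode` is assumed to follow MySQL's URI-like connection strings.

```python
from urllib.parse import parse_qs, urlsplit

# Option values that make the client refuse an unencrypted session.
PG_ENCRYPTED = {"require", "verify-ca", "verify-full"}
PG_VERIFIED = {"verify-ca", "verify-full"}
MYSQL_ENCRYPTED = {"REQUIRED", "VERIFY_CA", "VERIFY_IDENTITY"}
MYSQL_VERIFIED = {"VERIFY_CA", "VERIFY_IDENTITY"}

# Constructed sample URIs (hosts and credentials are placeholders).
SAMPLES = [
    "postgresql://app:pw@db.example.invalid:5432/defaultdb?sslmode=require",
    "postgresql://app:pw@db.example.invalid:5432/defaultdb",
    "mysql://app:pw@db.example.invalid:3306/defaultdb?ssl-mode=REQUIRED",
    "mongodb+srv://app:pw@db.example.invalid/admin?tls=true",
]


def audit_uri(uri):
    """Return (encrypted, verified): TLS enforced, server certificate checked."""
    parts = urlsplit(uri)
    # Keep the last value given for each option, with keys lower-cased.
    opts = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    scheme = parts.scheme.lower()

    if scheme in ("postgres", "postgresql"):
        mode = opts.get("sslmode", "prefer").lower()  # libpq default
        return mode in PG_ENCRYPTED, mode in PG_VERIFIED

    if scheme == "mysql":
        mode = opts.get("ssl-mode", "PREFERRED").upper()  # client default
        return mode in MYSQL_ENCRYPTED, mode in MYSQL_VERIFIED

    if scheme in ("mongodb", "mongodb+srv"):
        # mongodb+srv enables TLS unless the URI switches it off.
        default = "true" if scheme == "mongodb+srv" else "false"
        tls = opts.get("tls", opts.get("ssl", default)).lower() == "true"
        insecure = any(opts.get(k, "false").lower() == "true" for k in (
            "tlsinsecure", "tlsallowinvalidcertificates",
            "tlsallowinvalidhostnames"))
        return tls, tls and not insecure

    raise ValueError(f"unsupported scheme: {scheme!r}")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_uri(sample), sample.split("@")[-1])
```

A result of `(True, False)` means the session is encrypted but the server certificate is not validated, so the client cannot tell the real cluster from an impostor endpoint.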