Using Data at Rest Encryption
What Is Data at Rest Encryption?
Data “at rest” refers to data on physical media recorded in a persistent form in Vector database table, transaction log, journal, and checkpoint files.
Data at rest encryption allows all columns in all tables in the database to be encrypted. Data in the encrypted database is stored on disk or other media in encrypted form and can only be accessed if the encryption passphrase is known.
Encrypted columns are stored in the database files using 256-bit Advanced Encryption Standard (AES) encryption. The encryption is transparent to the applications accessing the data.
Data at rest encryption does not protect data outside of the database, which includes:
• Data passed back and forth to applications
• Transactions that implement data replication at a logical level (as opposed to a binary, journal-application level)
• Files created using copydb
Note: If the security of data transmitted over a network is important, you can implement protection using other mechanisms such as AES or KERBEROS. Flat files containing sensitive information that is encrypted in the database should be stored in encrypted files or on encrypted media.
Note: The data at rest encryption feature applies to X100 tables only. Data in heap tables cannot be encrypted.
Last modified date: 06/28/2024