Security Guide : 6. Using Data at Rest Encryption
Using Data at Rest Encryption
What Is Data at Rest Encryption?
Data "at rest" refers to data recorded in persistent form on physical media: Vector database tables, transaction logs, journals, and checkpoint files.
Data at rest encryption allows specific database table columns to be encrypted. Data in the protected columns is stored on disk or other media in encrypted form and can only be accessed if the encryption passphrase is known.
Encrypted columns are stored in the database files using 128-, 192-, or 256-bit Advanced Encryption Standard (AES) encryption. A single AES key protects any data in a table that contains encrypted columns. The encryption is transparent to the applications accessing the data.
Data at rest encryption does not protect data outside of the database, which includes:
Data passed back and forth to applications
Transactions that implement data replication at a logical (vs. binary, journal application) level
Files created using copydb
Note: If the security of data transmitted over a network is important, you can implement protection using other mechanisms such as AES or KERBEROS. Flat files containing sensitive information that is encrypted in the database should be stored in encrypted files or on encrypted media.
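The following SQL is an added illustration of the behavior described above, not an example from this guide. It assumes the CREATE TABLE ... ENCRYPT and MODIFY ... TO ENCRYPT WITH PASSPHRASE forms as I recall them from the Ingres/Vector SQL reference; confirm the exact syntax against the SQL Language Guide for your release. The table, column names, data values and passphrase are constructed for illustration.

```sql
-- Added example, not from the Vector Security Guide.
-- Syntax is an assumption based on the Ingres/Vector SQL reference; verify for your release.
-- Table, columns, sample row and passphrase are constructed values.

-- Only the columns marked ENCRYPT are stored in ciphertext; the whole table shares
-- one AES key, and the passphrase is what makes that key usable.
CREATE TABLE patient (
    patient_id  INTEGER      NOT NULL,
    full_name   VARCHAR(80)  NOT NULL,
    ssn         CHAR(11)     ENCRYPT,       -- ciphertext on disk
    diagnosis   VARCHAR(200) ENCRYPT        -- ciphertext on disk
) WITH ENCRYPTION = AES256,
       PASSPHRASE = 'constructed example passphrase - replace in real use';

-- Transparent to the application: the statements are the same as for a plain table.
-- Note that the values cross the client connection in clear text unless network
-- encryption (AES or KERBEROS, as the Note above says) is configured separately.
INSERT INTO patient VALUES (1, 'Example Person', '000-00-0000', 'constructed sample');
SELECT ssn, diagnosis FROM patient WHERE patient_id = 1;

-- After the server restarts, the key for this table is not available until someone
-- who knows the passphrase unlocks it; queries against the encrypted columns fail
-- until then.
MODIFY patient TO ENCRYPT WITH PASSPHRASE = 'constructed example passphrase - replace in real use';
```

Because the encryption is transparent, anything that reads the table through the server (application result sets, logical replication, copydb output) receives plaintext, which is why those outputs need their own protection as the list above states.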