Encryption at Rest


(MD Support) #1

Has anyone implemented innodb tablespace encryption available in mysql 5.7+? Considering “single digit impact on performance” (per MySQL documentation), it will be a good HIPAA compliance measure.


(ViSolve) #2

Yes - ViSolve has deployed few InnoDB encryption for applications including for OpenEMR. You can encrypt the data at different levels and disk level encryption is independent of InnoDB version. Hope this link can help you on how to set this up.

This should have minimal impact on the performance and let us know if you experience any problems.


(MD Support) #3

@visolveemr, thank you for sharing the document. Your paper describes the encryption at the filesystem level. While every HIPAA aware system admin will do this, others hired by small offices may not.

As specified in my question, mySQL 5.7 and beyond offers a simpler way to just encrypt its data files. ENCRYPTION=‘Y’ paired with innodb_file_per_table is something the project can and should incorporate in standard installation script. This is lot easier to during installation.

I was wondering if others have performed the update of existing database and would like to share their experience.