This topic describes how to configure disk encryption for an ApsaraDB RDS for MySQL instance equipped with standard or enhanced SSDs. The disk encryption feature encrypts the data on each disk of your RDS instance by using block storage. This way, your data cannot be cracked even if it is leaked.

For more information about disk encryption in other database engines, see the following topics:



The disk encryption feature is free of charge. You do not need to pay additional fees for the read or write operations you perform on encrypted disks.


  • Disk encryption cannot be disabled after you enable it.
  • After you enable disk encryption for your RDS instance, both the snapshots generated by that RDS instance and the new RDS instances created from those snapshots are automatically encrypted.
  • Disk encryption does not interrupt your business and you do not need to modify your application.


Create an ApsaraDB RDS for MySQL instance with the Standard SSD or Enhanced SSD storage type and the Disk Encryption option selected. Then, select a key used for data encryption.

Note For more information, see Manage CMKs.

Related operations

Operation Description
Create instance Creates an ApsaraDB for RDS instance.