All Products
Search

This Product

    PolarDB:Cloud disk encryption

    Document Center

    PolarDB:Cloud disk encryption

    Last Updated:Mar 12, 2025

    PolarDB for MySQL provides the cloud disk encryption feature free of charge. The feature encrypts data on each data disk of your cluster based on Elastic Block Storage (EBS). This way, your data cannot be decrypted even if it is leaked. To enable the cloud disk encryption feature, you do not need to make changes to your existing applications. After you enable the feature for your PolarDB for MySQL cluster, the snapshots that are created for the cluster are automatically encrypted.

    Prerequisites

    Preparations

    Make sure that a service-linked role for PolarDB is created. For more information, see Create a RAM role for a trusted Alibaba Cloud service.

    Cluster configuration requirements

    • Database Edition: Standard Edition.

    • Specification Type: General-purpose or Dedicated.

    • CPU Architecture: YiTian ARM or x86.

    • Storage Type: PL0 ESSD, PL1 ESSD, PL2 ESSD, PL3 ESSD, or ESSD AutoPL.

      Note

      You can enable the cloud disk encryption feature only when you purchase a cluster. After you purchase a cluster, you cannot enable the cloud disk encryption feature for the cluster. For more information, see Purchase a Standard Edition cluster.

    Billing

    The cloud disk encryption feature is provided free of charge. You do not need to pay cloud disk encryption fees when you perform read or write operations on cloud disks.

    Usage notes

    • You cannot disable the cloud disk encryption feature after you enable the feature.

    • Cloud disk encryption does not interrupt your business operations, and you do not need to make changes to your existing applications.

    • After you enable the cloud disk encryption feature for your cluster, the feature is automatically enabled for the snapshots of the cluster and the Standard Edition clusters created from the snapshots.

    Enable the cloud disk encryption feature

    When you purchase a cluster, you can select Enable Cloud Disk Encryption and, then select the default service customer master key (CMK) after you select the storage type if the prerequisites are met.

    image

    Check whether the cloud disk encryption feature is enabled

    1. Log on to the PolarDB console.

    2. In the left-side navigation pane, click Clusters.

    3. In the upper-left corner, select the region in which the cluster is deployed.

    4. Find the cluster and click its ID.

    5. In the left-side navigation pane, choose Settings and Management > Security.

    6. Click the Cloud Disk Encryption tab. If the value of the Cloud Disk Encryption Status is Enabled, the cloud disk encryption feature is enabled for the cluster.