
PolarDB: Fully encrypted database

Last Updated: Oct 13, 2025

In a cloud environment, sensitive data stored in a database can be exposed to risks, such as access by platform administrators or through compromised database accounts. The Fully Encrypted Database feature mitigates these risks by performing all cryptographic operations (encryption and decryption) within your application's client. Data is encrypted before it leaves your application and remains encrypted at all times within the database server—in transit, at rest, and even during processing. Because the database server only ever handles ciphertext (encrypted data), your data remains unintelligible even if accessed by a database administrator or a privileged account. This feature provides a powerful layer of protection against data breaches in the cloud.

How it works

The core principle is client-side encryption, managed by a specialized JDBC driver. You retain full control over the encryption keys.

  1. Application: Your application uses the encrypted JDBC (EncJDBC) driver instead of a standard JDBC driver.

  2. Configuration: You use Data Security Center (DSC) to define an encryption policy, specifying which databases, tables, and columns contain sensitive data that must be encrypted.

  3. Encryption: When your application writes data, the EncJDBC driver intercepts the data, checks the DSC policy, and encrypts the values in the specified sensitive columns. It uses keys that you provide and manage.

  4. Database: The PolarDB-X server receives and stores only the ciphertext. All database operations, such as queries and indexes, are performed on the encrypted data.

  5. Decryption: When your application reads data, the EncJDBC driver retrieves the ciphertext from the database and decrypts it before returning the plaintext data to your application.

Key features

The core principle of a confidential database is that data encryption and decryption are performed on the application client by a specific driver, EncJDBC. The database server only stores and processes ciphertext. You manage the encryption keys, which are not hosted on the database server. The main features are as follows:

  • Seamless integration: You do not need to modify your application's business logic. Simply replace your standard JDBC driver with the EncJDBC driver to enable encryption.

  • Flexible encryption configuration: You have the flexibility to choose exactly which columns to encrypt using Data Security Center (DSC), allowing you to balance security with performance.

  • Granular permission management: You can set plaintext or ciphertext permissions for different database accounts. Authorized accounts can access plaintext data, while other accounts, such as those for O&M engineers and developers, can only access raw ciphertext.

  • Key protection: You have full control over the encryption keys. Keys are passed to the EncJDBC driver at runtime and are only used in your client's memory. They are never stored or exposed on the database server.

Use cases

Encrypted databases can address various data security challenges in different business scenarios. The following are some typical use cases:

  • Protect application data from cloud administrators: Encrypt sensitive business data within your application before sending it to the database. This ensures that cloud provider staff and database administrators cannot view the plaintext data.

  • Ensure end-user privacy with end-to-end encryption: For applications that handle highly sensitive user data (such as financial or health information), encryption can be performed directly on the end-user's device (such as a mobile app). This ensures that even you, as the application provider, cannot access the user's plaintext data, providing the highest level of privacy.

  • Enable secure data sharing: Share encrypted datasets with third parties without revealing your encryption keys. This allows for secure business collaboration while maintaining data ownership and complying with security regulations.

Before you start

  • Instance version: polardb-2.5.0_5.4.20-20250714_xcluster8.4.20-20250703 or later.

  • You have purchased Data Security Center (DSC) and have a sufficient quota for column encryption authorization. If you have not enabled the column encryption feature or your quota is insufficient, you can upgrade your DSC edition.

    Note

    Ensure that the region of your Data Security Center instance supports the column encryption feature. For more information, see Supported regions.

Billing

The encrypted database feature itself is free of charge.

However, its use depends on Data Security Center (DSC), which is a paid service. You will be billed for your DSC subscription. Also ensure you have a sufficient quota for column encryption authorization. For detailed pricing, see Billing overview.

Notes

  • Performance overhead

    Client-side encryption and decryption consume CPU resources on your application server. The performance impact increases with the number of encrypted columns. In a typical TPC-C benchmark, encrypting all columns results in a performance overhead of about 10%. To balance security and performance, encrypt only the sensitive columns that require protection. For more information, see the Performance test report.

  • Protocol limitation

    The fully-encrypted feature currently supports only the text protocol. It does not support the binary protocol. This means that your application cannot use JDBC PreparedStatement calls to query encrypted data, as prepared statements rely on the binary protocol. All queries involving encrypted columns must be executed using standard statements.
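
Because queries on encrypted columns must go through standard statements, values cannot be bound as parameters and have to be validated before they are placed in the SQL text. The following is an added example, not code from this documentation or from the EncJDBC driver; the table and column names, the phone-number format, and the assumption that the `Connection` was obtained through EncJDBC are all illustrative.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.regex.Pattern;

// Added example. Table and column names (customer, id, phone, id_card) and the
// phone-number format are hypothetical; adapt them to your own schema.
public final class SafeStatementQuery {

    // Strict allowlist: optional '+' followed by 6 to 15 ASCII digits. No quote,
    // backslash or whitespace can pass, so the value cannot end the SQL literal.
    private static final Pattern PHONE = Pattern.compile("\\+?[0-9]{6,15}");

    static String phoneLiteral(String untrusted) {
        if (untrusted == null || !PHONE.matcher(untrusted).matches()) {
            throw new IllegalArgumentException("phone number failed validation");
        }
        return "'" + untrusted + "'";
    }

    // Builds the SQL text. customerId is a primitive long, so it can only ever
    // render as a number.
    static String buildLookup(String untrustedPhone, long customerId) {
        return "SELECT id_card FROM customer WHERE phone = "
                + phoneLiteral(untrustedPhone) + " AND id = " + customerId;
    }

    // conn is assumed to come from the EncJDBC driver; only java.sql calls are used.
    static String lookupIdCard(Connection conn, String untrustedPhone, long customerId)
            throws SQLException {
        String sql = buildLookup(untrustedPhone, customerId);
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one well-formed value, one containing a quote.
        System.out.println(buildLookup("+8613800000000", 42L));
        try {
            buildLookup("138'00000000", 42L);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Free-text columns that cannot be constrained to such a narrow pattern need a vetted literal encoder for the server's SQL mode and character set rather than ad hoc quoting.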