
ApsaraDB RDS: Define sensitive data

Last Updated: Oct 20, 2023

To clearly distinguish between regular data and sensitive data, the fully encrypted database feature allows you to define sensitive data by using dedicated data types and supports frequently used SQL operators on those types. For more information about data types of sensitive data and related SQL operators, see Supported capabilities.

New data types of sensitive data

You must distinguish between sensitive data and regular data based on your business requirements. You must define the data types of sensitive data in table schemas.

The following example shows a table schema in which every column is stored in plaintext.

CREATE TABLE example ( 
  account integer,      -- The account that corresponds to plaintext data of the INTEGER type.
  name text,            -- The name that corresponds to plaintext data of the TEXT type.
  balance real,         -- The account balance that corresponds to plaintext data of the REAL type.
  credit real,          -- The credit line of the account that corresponds to plaintext data of the REAL type.
  quota real,           -- The plaintext column.
  address text,         -- The address that corresponds to plaintext data of the TEXT type.
  remark text,          -- The description.
  PRIMARY KEY (account) -- Specifies that the account column is used as the primary key.
);

In the preceding table schema, account, name, balance, credit, and address are sensitive data fields that are defined based on business requirements. The following example shows the same table schema in a fully encrypted database, with the sensitive data fields declared by using the data types of sensitive data:

CREATE TABLE example (
  account enc_int4,         -- The account that corresponds to plaintext data of the INTEGER type.
  name enc_text,            -- The name that corresponds to plaintext data of the TEXT type.
  balance enc_float4,       -- The account balance that corresponds to plaintext data of the REAL type.
  credit enc_float4,        -- The credit line of the account that corresponds to plaintext data of the REAL type.
  quota real,               -- The plaintext column.
  address enc_text,         -- The address that corresponds to plaintext data of the TEXT type.
  remark text,              -- The remarks.
  PRIMARY KEY (account)     -- Specifies that the account column is used as the primary key.
);
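
The following schema check is an added example and is not part of the original documentation. It reads a CREATE TABLE statement and reports every column classified as sensitive that is still declared with a plaintext type, and suggests the encrypted type by using the type pairs shown in the two preceding schemas. The names parse_columns, audit, and SAMPLE_DDL are hypothetical, and the sample schema is constructed.

```python
import re

# Plaintext -> encrypted type pairs, taken from the two schemas on this page.
ENC_TYPE = {"integer": "enc_int4", "text": "enc_text", "real": "enc_float4"}
# Columns the page classifies as sensitive for the example table.
SENSITIVE = ["account", "name", "balance", "credit", "address"]
NOT_COLUMNS = {"primary", "unique", "constraint", "foreign", "check"}
COLUMN_RE = re.compile(r"^\s*([A-Za-z_]\w*)\s+([A-Za-z_]\w*)")

# Constructed input: a half-migrated schema (balance and address left in plaintext).
SAMPLE_DDL = """
CREATE TABLE example (
  account enc_int4,
  name enc_text,
  balance real,         -- still plaintext
  credit enc_float4,
  quota real,
  address text,         -- still plaintext
  remark text,
  PRIMARY KEY (account)
);
"""

def parse_columns(ddl):
    """Return {column: type}; assumes one column definition per line."""
    body = ddl[ddl.index("(") + 1 : ddl.rindex(")")]
    columns = {}
    for line in body.splitlines():
        match = COLUMN_RE.match(line.split("--", 1)[0])  # drop SQL line comments
        if match and match.group(1).lower() not in NOT_COLUMNS:
            columns[match.group(1).lower()] = match.group(2).lower()
    return columns

def audit(ddl, sensitive):
    """Return (column, declared type, suggested type) for each unprotected column."""
    columns = parse_columns(ddl)
    findings = []
    for col in sensitive:
        declared = columns.get(col)
        if declared is None:
            findings.append((col, None, None))  # listed as sensitive, not in the table
        # Assumption: encrypted types share the enc_ prefix, as the three shown here do.
        elif not declared.startswith("enc_"):
            findings.append((col, declared, ENC_TYPE.get(declared)))
    return findings

if __name__ == "__main__":
    for col, declared, suggested in audit(SAMPLE_DDL, SENSITIVE):
        print(f"{col}: declared {declared}, expected {suggested}")
```

An empty result means that every column in the sensitive list is declared with an encrypted type. Columns that are not in the list, such as quota and remark, are ignored.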

Conversion of existing regular data to sensitive data

You can execute the ALTER TABLE statement on an existing table to convert regular data that is stored in plaintext in the table to sensitive data that is stored in ciphertext. For more information, see Convert data between plaintext and ciphertext.

What to do next

After you define data types of sensitive data, you can use the fully encrypted database feature as expected. For more information about how to connect to an RDS instance by using the fully encrypted database feature from your client, see Use the fully encrypted database feature from a client.