Clustered at-rest encryption


From this blog post (, I see that a few changes are needed to the my.cnf file, and then you just run “alter table table_name encryption=‘Y’”.

Is that replicated across all cluster nodes?



The "alter table table_name encryption=‘Y’ " will replicate. However, for this to work the keyring-file-data must be configured on each node.

On nodes where the keyring is not configured, the tables will not be encrypted.