How to leverage Azure Encryption for MYSQL DB

Question

question

KoteswaraPentakota-9480 asked May 10, '22 AnuragSharma-MSFT commented May 13, '22

How to leverage Azure Encryption for MYSQL DB

Hi Team,

We have explicitly encrypted some PII Data at our MySQL DB. This is causing some issues while connecting to our Database and populate it else where with decryption needed always.

Is there a way we can leverage this to the Azure MySQL where i read the Encryption is taken up by default and while reading the data it auto decrypts the content and shares it back to the queries.

If this is possible, do we see encrypted data for the said columns or the entire Table data while viewing it on the Database and when does it actually return the decrypted version.

Any inputs on this would really help.

Thanks,
Kotesh

azure-database-mysql azure-disk-encryption fasttrack-azure-startup

· 2

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnuragSharma-MSFT · May 10 at 06:43 AM

Hi @KoteswaraPentakota-9480, welcome to Microsoft Q&A forum.

If I understand from the question, you want to encrypt/decrypt specific data using some algorithm and you want to do it by default everytime data is loaded to table or data is being read from table.

As much as I know there is no direct way to achieve this, Azure MySQL already provides Data Encryption at rest, and if we are using any other custom process to explicitly encrypt few columns then this decryption needs to be applied at places where we are reading the data.

However I have also reached out to internal product team on the same and will be replying back at the earliest based on their response.

0 ·

KoteswaraPentakota-9480 · May 10 at 07:08 AM

We are fine using Data encryption at rest even if it is applied to all columns in table and database. But when someone uses the Mysql database and does a query will it show the data in plain or encrypted format? If the data when queried shows in plain format then what is the use of Data encryption at rest. Intention is if instead of we doing the encryption can we leverage Azure Mysql encryption. At the same time ensure anyone using the database with queries to not see PII data in plain.

Would like to have your inputs on this.

0 ·

Answer 1 · 2022-05-10T08:52:13.663Z

AnuragSharma-MSFT answered May 10, '22 AnuragSharma-MSFT commented May 13, '22

Thanks for providing more details @KoteswaraPentakota-9480.

Data Encryption at rest basically protects data against attacks where in the data, backups are all encrypted on disk.

But if someone has access to database through credentials, they will be able to see all the table data as it is.

I have received the response back from product group and table/row/column level encryption is not available out of the box as of now.

However we can use Encryption and Compression Functions to achieve the same. The article mentioned has clear description on how to use them while inserting and then reading the data back from the tables.

Please let us know if this helps or else we can discuss further on the same.

If answer helps your query, you can mark it 'Accept Answer' to help others having similar query.

· 1

5 |1600 characters needed characters left characters exceeded

Attachments: Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AnuragSharma-MSFT · May 13 at 09:17 AM

Hi @KoteswaraPentakota-9480 just wanted to check if this helps or we can discuss further.

0 ·

question