This topic describes how to secure data on persistent storage (data at rest) in SingleStore with CipherTrust Transparent Encryption (CTE), from Thales. This configuration allows you to protect all SingleStore information, including data files, backups, and logs from unauthorized access, including by unauthorized administrative users. The process is also known as Transparent Database Encryption or TDE.
CTE encrypts all protected SingleStoreDB data with strong encryption. If the encrypted data is obtained in any way by someone without keys to access it, it will be useless. Even the root user on the Linux system running SingleStoreDB can be prevented from accessing the information directly via the files where it is stored, even if they impersonate a user with access by using sudo. Keys can also be revoked to render data inaccessible.