Help Center/ Database Security Service/ User Guide/ Database Security Encryption Management/ System administrator operation guide/ Data Encryption and Decryption/ Installing the Bypass Plug-in
Updated on 2025-04-16 GMT+08:00
View PDF
Share

Installing the Bypass Plug-in

If a single point of failure (SPOF) occurs after data encryption, the ciphertext restoration tool takes a long time to decrypt a large amount of data. In this scenario, the bypass plug-in can be used to encrypt and decrypt customers' ciphertext data in real time when a single point of failure (SPOF) occurs on the encryption device, ensuring quick service recovery.

You are advised to deploy the bypass plug-in in advance to cope with single points of failure (SPOFs) on encryption devices.

Constraint

  • MySQL database is supported.
  • The escape plug-in can be installed only in the JRE 8 or later and Linux x86 environment.

Plug-in Status

The plug-in is deployed on the customer's application system. The plug-in can be in any of the following states:

  • online: The plug-in is in the ready state. The status can be detected through heartbeat messages. The encryption system periodically pushes the corresponding encryption configuration and key file to the plug-in. Wait until the encryption system is faulty and then switch to the active state.
  • bypass: The plug-in is activated and in normal state. The plug-in has detected that the encryption system is abnormal. The plug-in starts to work, modifies the application connection from the gateway proxy to the directly connected database, and encrypts and decrypts the data in the JDBC request.

    When the application is connected to the gateway encryption proxy address and the application cannot communicate with the gateway encryption proxy address, the plug-in switches to the bypass state.

Procedure

  1. Log in to database encryption and access control.
  2. In the navigation tree on the left, choose Data Encryption > Bypass.
  3. Click Plug-in Download in the upper right corner of the page to download the plug-in package gde-agent.tar.gz.
  4. After the plug-in is downloaded, install the plug-in based on the deployment scenario of the customer's application system.

Operation Results

After the plug-in is installed, the plug-in information is displayed in the plug-in list. If a single point of failure occurs on the encryption device, the plug-in starts to work.