Help Center/ TaurusDB/ User Guide/ Data Backups/ Enabling or Disabling Encrypted Backup
Updated on 2024-11-06 GMT+08:00

Enabling or Disabling Encrypted Backup

Scenarios

GaussDB(for MySQL) can encrypt backups. After encrypted backup is enabled, a key is required, which is generated and managed by Data Encryption Workshop (DEW).

Precautions

  • Only the backups generated after encrypted backup is enabled will be encrypted.
  • After encrypted backup is disabled, new backup files will not be encrypted for storage. Backup files created before encrypted backup is disabled will not be decrypted.
  • Currently, only the SM4 and AES_256 key algorithms are supported. After encrypted backup is enabled, the key algorithm cannot be changed.
  • The key cannot be disabled, deleted, or frozen while in use, or the encrypted backups cannot be used for restoration.
  • Encrypted backups can be directly used to restore data on the management console. You do not need to manually decrypt backups.
  • Once encrypted backup is enabled for your DB instance, data cannot be restored to an existing DB instance, even if encrypted backup is disabled later.
  • Cross-region backup and encrypted backup cannot be both enabled.
  • When encrypted backup is enabled for a DB instance, only the key of the corresponding enterprise project can be selected. To view keys in an enterprise project, see Viewing a CMK.

Enabling Encrypted Backup

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and project.
  3. Click in the upper left corner of the page and choose Databases > GaussDB(for MySQL).
  4. On the Instances page, click the instance name.
  5. Choose Backups in the navigation pane and click next to Encrypted Backup.

    Figure 1 Enabling encrypted backup

  6. In the displayed dialog box, select a key or enter a key ID and click OK.

    Only SM4 and AES_256 key algorithms are supported.

    Figure 2 Selecting a key

  7. In the displayed dialog box, click Yes.
  8. Refresh the page and check whether encrypted backup is enabled.

Disabling Encrypted Backup

  1. On the Instances page, click the instance name.
  2. Choose Backups in the navigation pane and click next to Encrypted Backup.
  3. In the displayed dialog box, click Yes.