From 1d11ed51ea0914e6a8d83e724eebc802878926e6 Mon Sep 17 00:00:00 2001 From: Yi Wu Date: Sat, 13 Jun 2020 05:30:38 +0800 Subject: [PATCH] Secure: remove out-dated encryption docs Signed-off-by: Yi Wu --- TOC.md | 1 - enable-encrypt-stored-data.md | 45 ----------------------------------- 2 files changed, 46 deletions(-) delete mode 100644 enable-encrypt-stored-data.md diff --git a/TOC.md b/TOC.md index 67b60004b606a..1df5259b08854 100644 --- a/TOC.md +++ b/TOC.md @@ -181,7 +181,6 @@ + Secure + [Enable TLS Between TiDB Clients and Servers](/enable-tls-between-clients-and-servers.md) + [Enable TLS Between TiDB Components](/enable-tls-between-components.md) - + [Encrypt Stored Data](/enable-encrypt-stored-data.md) + [Generate Self-signed Certificates](/generate-self-signed-certificates.md) + [Encryption-At-Rest](/encryption-at-rest.md) + Privileges diff --git a/enable-encrypt-stored-data.md b/enable-encrypt-stored-data.md deleted file mode 100644 index 3bc58e35acf4d..0000000000000 --- a/enable-encrypt-stored-data.md +++ /dev/null 
@@ -1,45 +0,0 @@ ---- -title: Enable Stored Data Encryption -summary: Introduce how to enable encryption for stored data. -category: how-to ---- - -# Enable Stored Data Encryption - -In a TiDB cluster, user data is stored in TiKV. Once you configure the encrypted storage feature in TiKV, the TiDB cluster encrypts this data. This section introduces how to configure the data encryption feature in TiKV. - -## Operation procedures - -1. Generate the token file. - - The token file stores the keys used to encrypt the user data and to decrypt the encrypted data. - - {{< copyable "shell-regular" >}} - - ```bash - ./tikv-ctl random-hex --len 256 > cipher-file-256 - ``` - - > **Note:** - > - > You can only use the hex-formatted token file. The file length must be 2 to the power of N, and is less than or equal to 1024. - -2. Configure TiKV as follows. - - ```toml - [security] - # Storage path of the Cipher file. - cipher-file = "/path/to/cipher-file-256" - ``` - -> **Note:** -> -> When you import data into a cluster using [TiDB Lightning](/tidb-lightning/tidb-lightning-overview.md), if the storage encryption feature is enabled in the target cluster, the SST files generated by TiDB Lightning must be encrypted. - -## Limitations - -The limitations of the storage encryption feature are as follows: - -- If the feature has not been enabled in the cluster before, you cannot enable this feature. -- If the feature is enabled in the cluster, you cannot disable this feature. -- You cannot enable the feature for some TiKV instances while disabling it for other instances in one cluster. You can only enable or disable this feature for all TiKV instances. This is because if you enable the encrypted storage feature, data are encrypted during data migration.
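Review bot: In the TOC.md hunk, the removed entry `[Encrypt Stored Data](/enable-encrypt-stored-data.md)` is the only reference this patch updates, yet the target file is deleted outright, so any other page that still links to `/enable-encrypt-stored-data.md` will point at a missing document. Please search the repository for that path before merging and repoint any remaining links to `/encryption-at-rest.md`, which stays in the Secure section. If the docs build supports aliases, listing the old path as an alias of that page would also keep existing bookmarks working.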
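Review bot: In the deleted enable-encrypt-stored-data.md, the Limitations section says the feature cannot be disabled once it is enabled, so clusters configured with `cipher-file` under `[security]` may still be running, and this removal leaves them with no documentation and no migration guidance. Suggest stating in the commit message which page supersedes this one, and adding a short note to `/encryption-at-rest.md` on how existing `cipher-file` deployments and the token file produced by `tikv-ctl random-hex` should be handled. The TiDB Lightning note about encrypted SST files also disappears with this file and should be carried over if it still applies.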