How to encrypt MySQL database in Ubuntu 12.04 LTS

encrypt MySQL databaseProbably, the easiest way to encrypt MySQL database in Ubuntu is by using ecryptfs-utils. Install ecryptfs-utils:

apt-get install ecryptfs-utils

Mount /usr/local/encrypted directory and create mdf directory for MySQL data files (you will be prompted for passphrase and other options):

mkdir /usr/local/encrypted
mount -t ecryptfs /usr/local/encrypted /usr/local/encrypted
cd /usr/local/encrypted
mkdir mdf
chug.sh mysql mdf
chmod og-rwx mdf

chug.sh is a bash script that changes user and group by calling chown and chgrp:

chown -R $1 $2
chgrp -R $1 $2

Copy all MySQL data files to encrypted directory:

service mysql stop
cp -R -p /var/lib/mysql /usr/local/encrypted/mdf

Then change datadir in /etc/mysql/my.cnf:

#datadir         = /var/lib/mysql
datadir         = /usr/local/encrypted/mdf

and start MySQL:

service mysql start

The final step is encrypting of the swap.

All database backups should be placed in /usr/local/encrypted/backup directory.

Disabling MySQL and Nginx autostart:

update-rc.d -f mysql disable
update-rc.d -f nginx disable

3 Responses to How to encrypt MySQL database in Ubuntu 12.04 LTS

  1. sid on October 21, 2013 at 10:37 AM:

    what should be set for passphrase ?

    • dmitriano in reply to sid on October 21, 2013 at 6:27 PM:

      Honestly, I do not know exactly, I were thinking about the passphrase like it would be a password.

    • blank in reply to sid on May 27, 2015 at 2:07 AM:

      dude, the passphrase should definitely be ‘hunter2’. It is the utmost best passphrase that has the most respect in the infosec community.

Leave a Reply

Your email address will not be published. Required fields are marked *