OceanBase logo

OceanBase

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Resources

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS

OceanBase Cloud

OceanBase Database

Tools

Connectors and Middleware

QUICK START

OceanBase Cloud

OceanBase Database

BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Company

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

International - English
中国站 - 简体中文
日本 - 日本語
Sign In
Start on Cloud

A unified distributed database ready for your transactional, analytical, and AI workloads.

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All
BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All
PRODUCTS
OceanBase CloudOceanBase Database
ToolsConnectors and Middleware
QUICK START
OceanBase CloudOceanBase Database
BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Contact Us

Start on Cloud
编组
All Products
    • Databases
    • iconOceanBase Database
    • iconOceanBase Cloud
    • iconOceanBase Tugraph
    • iconInteractive Tutorials
    • iconOceanBase Best Practices
    • Tools
    • iconOceanBase Cloud Platform
    • iconOceanBase Migration Service
    • iconOceanBase Developer Center
    • iconOceanBase Migration Assessment
    • iconOceanBase Admin Tool
    • iconOceanBase Loader and Dumper
    • iconOceanBase Deployer
    • iconKubernetes operator for OceanBase
    • iconOceanBase Diagnostic Tool
    • iconOceanBase Binlog Service
    • Connectors and Middleware
    • iconOceanBase Database Proxy
    • iconEmbedded SQL in C for OceanBase
    • iconOceanBase Call Interface
    • iconOceanBase Connector/C
    • iconOceanBase Connector/J
    • iconOceanBase Connector/ODBC
    • iconOceanBase Connector/NET
icon

OceanBase Best Practices

All Versions

  • Deploy
    • Configuration guide for read-write splitting in AP scenarios
    • Best practices for read-write splitting
  • Migrate
    • Data transfer solutions in OceanBase Database
    • Overview on data migration
    • Best practices for importing data files to OceanBase Database
    • Best practice for migrating data from other databases to OceanBase Database
    • Massive data migration strategy
    • Best practices for migrating data from MyCat to OceanBase Database
    • Best practices for migrating PostgreSQL to OceanBase MySQL-compatible mode
  • Route
    • ODP routing best practices
  • Table Design
    • Best practices for table design and index optimization
    • Best practices for creating indexes on large tables
    • Best practices for database development
  • Develop
    • Best practices for connecting Java applications to OceanBase Database
    • Best practices for integrating Spark Catalog with OceanBase Database
    • Best practices for achieving optimal performance in batch DML using JDBC and OBServer
    • Best practices for bulk data cleanup in OceanBase Database
    • Best practices for PDML processing in OceanBase Database
    • Best practices for hot tables in OceanBase Database
    • Best practices for auto-increment columns and sequences in OceanBase Database
  • Manage
    • Best practices for resource throttling
    • Best practices for data load balancing
    • Best practices for security certification
    • Best practices for access control
    • Best practices for data encryption
  • Diagnose
    • Best practices for log interpretation in common scenarios
    • Best practices for end-to-end tracing
    • Best practices for using obdiag to collect performance information
    • Best practices for using obdiag to collect diagnostic information of parallel and slow SQL statements
    • Best practices for troubleshooting OceanBase Database performance issues
  • Performance Tuning
    • Best practices for handling slow queries
    • Best practices for collecting statistics to generate an efficient execution plan
    • Best practices for updating hotspot rows
    • Best practices for large object storage performance
    • Best practices for semi-structured storage performance
    • Best practices for OceanBase materialized views
  • Cloud Database
    • Best practices for achieving high availability through cross-cloud active-active deployment
    • High availability through primary and standby databases across clouds
    • High host CPU usage
    • Best practices for read/write splitting in OceanBase Cloud

Download PDF

Configuration guide for read-write splitting in AP scenarios Best practices for read-write splitting Data transfer solutions in OceanBase Database Overview on data migration Best practices for importing data files to OceanBase Database Best practice for migrating data from other databases to OceanBase Database Massive data migration strategy Best practices for migrating data from MyCat to OceanBase Database Best practices for migrating PostgreSQL to OceanBase MySQL-compatible mode ODP routing best practices Best practices for table design and index optimization Best practices for creating indexes on large tables Best practices for database development Best practices for connecting Java applications to OceanBase Database Best practices for integrating Spark Catalog with OceanBase Database Best practices for achieving optimal performance in batch DML using JDBC and OBServer Best practices for bulk data cleanup in OceanBase Database Best practices for PDML processing in OceanBase Database Best practices for hot tables in OceanBase Database Best practices for auto-increment columns and sequences in OceanBase Database Best practices for resource throttling Best practices for data load balancing Best practices for security certification Best practices for access control Best practices for data encryption Best practices for log interpretation in common scenarios Best practices for end-to-end tracing Best practices for using obdiag to collect performance information Best practices for using obdiag to collect diagnostic information of parallel and slow SQL statements Best practices for troubleshooting OceanBase Database performance issues Best practices for handling slow queries Best practices for collecting statistics to generate an efficient execution plan Best practices for updating hotspot rows Best practices for large object storage performance Best practices for semi-structured storage performance Best practices for OceanBase materialized views Best practices for achieving high availability through cross-cloud active-active deployment High availability through primary and standby databases across clouds High host CPU usage Best practices for read/write splitting in OceanBase Cloud
OceanBase logo

The Unified Distributed Database for the AI Era.

Follow Us
Products
OceanBase CloudOceanBase EnterpriseOceanBase Community EditionOceanBase seekdb
Resources
DocsBlogLive DemosTraining & Certification
Company
About OceanBaseTrust CenterLegalPartnerContact Us
Follow Us

© OceanBase 2026. All rights reserved

Cloud Service AgreementPrivacy PolicySecurity
Contact Us
Document Feedback
  1. Documentation Center
  3. OceanBase Best Practices
  5. master
iconOceanBase Best Practices
master
  • master

Best practices for data encryption

Last Updated:2025-01-03 03:42:40  Updated
share
What is on this page
MySQL tenant
Enable TLS data transmission encryption
Enable TDE
Oracle tenant
Enable TLS data transmission encryption
Enable TDE

folded

share

As data security governance becomes an increasingly important global concern, ensuring the security of databases, foundational software for storing and managing critical data assets, has become a key challenge that requires collaboration between database vendors and customers. OceanBase has always prioritized product security. Over the years, it has actively complied with regulatory requirements, established a comprehensive security management system, and focused on building stable, reliable, secure, and open data infrastructure. Through continuous technological innovation, OceanBase helps customers protect the confidentiality, integrity, and availability of their data, earning its reputation as a trusted provider of foundational software. However, ensuring database security is not just the responsibility of vendors—it also requires close collaboration with customers.

Security is a key factor in evaluating the performance of a database. A database management system must prevent unauthorized access to safeguard the files and data it contains.

This topic provides the best practices for achieving data encryption.

MySQL tenant

Enable TLS data transmission encryption

OceanBase Database supports communication encryption to prevent the communication traffic among nodes from being intercepted or tampered with.

Related operations

  • Self-check

    Log in to OceanBase Command-Line Client (OBClient) and run \s to check whether SSL is enabled based on the SSL field for the OBServer node. If not, Not in use is displayed.

    obclient> \s

    The return result is as follows:

    obclient  Ver 2.2.6 Distrib 10.4.18-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          3221487667
Current database:       oceanbase
Current user:           root@100.88.114.135
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         OceanBase 4.3.2.1 (r201000012024080617-2ecfa3a5c430a582c4884b287b9234a9a8553bf7) (Built Aug  6 2024 18:01:40)
Protocol version:       10
Connection:             xxx.xxx.xxx.xxx TCP/IP
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
TCP port:               2881
Protocol:               Compressed
Active                  --------------

  • Security hardening

    For more information, see OBServer transmission encryption.

Enable TDE

OceanBase Database allows you to enable transparent data encryption (TDE) at the tablespace level to implement secure data storage.

Related operations

  • Self-check

    For a MySQL tenant, execute the following statement:

    obclient> SELECT table_name,encryptionalg,encrypted FROM oceanbase.V$OB_ENCRYPTED_TABLES;

  • Security hardening

    For more information, see Enable transparent data encryption for new tables in MySQL mode.

Oracle tenant

Enable TLS data transmission encryption

OceanBase Database supports communication encryption to prevent the communication traffic among nodes from being intercepted or tampered with.

Related operations

  • Self-check

    Log in to OBClient and run \s to check whether Transport Layer Security (TLS) is enabled based on the SSL field for the OBServer node. If not, Not in use is displayed.

    obclient> \s

    The return result is as follows:

    obclient  Ver 2.2.6 Distrib 10.4.18-MariaDB, for Linux (x86_64) using readline 5.1

Connection id:          3221487669
Current database:       SYS
Current user:           SYS
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         OceanBase 4.3.2.1 (r201000012024080617-2ecfa3a5c430a582c4884b287b9234a9a8553bf7) (Built Aug  6 2024 18:01:40)
Protocol version:       10
Connection:             xxx.xxx.xxx.xxx via TCP/IP
Server characterset:    utf8mb4
Db     characterset:    utf8mb4
Client characterset:    utf8mb4
Conn.  characterset:    utf8mb4
TCP port:               2881
Protocol:               Compressed
Active                  --------------

  • Security hardening

    For more information, see OBServer transmission encryption.

Enable TDE

OceanBase Database allows you to enable TDE at the tablespace level to implement secure data storage.

Related operations

  • Self-check

    For an Oracle tenant, execute the following statement:

    obclient> SELECT table_name,encryptionalg,encrypted FROM V$OB_ENCRYPTED_TABLES;

    If the value of the ENCRYPTED field is YES, TDE has been enabled.

  • Security hardening

    For more information, see Enable transparent data encryption for new tables in Oracle mode.

Previous topic

Best practices for access control
Last

Next topic

Best practices for log interpretation in common scenarios
Next
What is on this page
MySQL tenant
Enable TLS data transmission encryption
Enable TDE
Oracle tenant
Enable TLS data transmission encryption
Enable TDE