CREATE TABLESPACE|V4.3.3|OceanBase Database| docs|Distributed Database

CREATE TABLESPACE

Last Updated：2025-11-27 02:38:06 Updated

Purpose

You can use this statement to create a tablespace logical object. The tablespace attributes can be encrypted.

Syntax

Create an encrypted tablespace.

CREATE TABLESPACE tablespace_name [ENCRYPTION [=] 'tablespace_encryption_option'];

tablespace_encryption_option:
    N
    | Y
    | AES-256
    | AES-256-GCM
    | AES-128
    | AES-128-GCM
    | AES-192
    | AES-192-GCM
    | SM4-CBC
    | SM4-GCM

Create a tablespace.

  CREATE TABLESPACE tablespace_name
  [ADD DATAFILE 'file_name']
  [FILE_BLOCK_SIZE = value]
  USE LOGFILE GROUP logfile_group
  [EXTENT_SIZE [=] extent_size]
  [INITIAL_SIZE [=] initial_size]
  [AUTOEXTEND_SIZE [=] autoextend_size]
  [MAX_SIZE [=] max_size]
  [NODEGROUP [=] nodegroup_id]
  [WAIT]
  [COMMENT [=] 'string']
  [ENGINE [=] engine_name]

Notice

Only the keyword syntax is supported. The functionality does not actually take effect. You cannot use this keyword in combination with ENCRYPTION. Otherwise, a syntax error will be returned.

Parameters

Parameter	Description
tablespace_name	The name of the tablespace to be created.
ENCRYPTION	Optional. The keyword used for specifying the encryption algorithm employed by the tablespace. If the encryption algorithm is not specified through the `ENCRYPTION` keyword, a non-encrypted tablespace is created by default. For a detailed introduction to the encryption algorithms, see tablespace_encryption_option.

tablespace_encryption_option

N: specifies not to enable encryption for the tablespace.
Y: If Y is specified, the AES-256 encryption algorithm is used by default.
AES-256: uses a 256-bit key for encryption and decryption.
AES-256-GCM: uses Galois/Counter Mode (GCM) with a 256-bit key.
AES-128: uses a 128-bit key for encryption and decryption.
AES-128-GCM: uses GCM with a 128-bit key.
AES-192: uses a 192-bit key for encryption and decryption.
AES-192-GCM: uses GCM with a 192-bit key.
SM4-CBC: uses the SM4 algorithm in Cipher Block Chaining (CBC) mode, where before each block of data is encrypted, it undergoes an XOR operation with the encrypted output of the previous block.
SM4-GCM: uses the SM4 algorithm in GCM mode, which provides both encryption and authentication functionalities.

Note

Advanced Encryption Standard (AES) is a symmetric encryption algorithm, meaning the same key is used for both data encryption and decryption. The AES algorithm is block-based, typically encrypting data in 128-bit blocks.
AES-GCM is an operational mode employed for block encryption algorithms, such as AES, providing both encryption and data authentication (also known as message authentication code).
The block size of the SM4 algorithm is 128 bits, and the key length is also 128 bits.

Examples

Create an unencrypted tablespace object.
```
CREATE TABLESPACE tablespace001;
```
Create a tablespace object with transparent data encryption (TDE).
1. Set the encryption method to built-in transparent encryption.
```
ALTER SYSTEM SET tde_method = 'internal';
```
2. Display the current configuration of the encryption method.
```
SHOW PARAMETERS LIKE 'tde_method';
```
3. Generate a new master encryption key.
```
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```
  Notice
  
  Although this command can be executed, if the disk space is full, a new master encryption key will not be generated.
4. Create an encrypted tablespace named tablespace2 that uses the SM4-GCM encryption algorithm.
```
CREATE TABLESPACE tablespace002 ENCRYPTION = 'SM4-GCM';
```

Customer Stories

Documentation

CREATE TABLESPACE

Purpose

Syntax

Notice

Parameters

tablespace_encryption_option

Note

Examples

Notice

References