OceanBase

A unified distributed database ready for your transactional, analytical, and AI workloads.

Product Overview

DEPLOY YOUR WAY

OceanBase Cloud

The best way to deploy and scale OceanBase

OceanBase Enterprise

Run and manage OceanBase on your infra

TRY OPEN SOURCE

OceanBase Community Edition

The free, open-source distributed database

OceanBase seekdb

Open source AI native search database

Customer Stories

Real-world success stories from enterprises across diverse industries.

View All

BY USE CASES

Mission-Critical Transactions

Global & Multicloud Application

Elastic Scaling for Peak Traffic

Real-time Analytics

Active Geo-redundancy

Database Consolidation

Comprehensive knowledge hub for OceanBase.

Blog

Live Demos

Training & Certification

Documentation

Official technical guides, tutorials, API references, and manuals for all OceanBase products.

View All

PRODUCTS

OceanBase Cloud

OceanBase Database

Tools Connectors and Middleware

QUICK START

OceanBase Cloud OceanBase Database

BEST PRACTICES

Practical guides for utilizing OceanBase more effectively and conveniently

Learn more about OceanBase – our company, partnerships, and trust and security initiatives.

About OceanBase

Partner

Trust Center

Document Feedback

CREATE TABLESPACE

Last Updated：2026-05-07 11:26:25 Updated

Purpose

This statement is used to create a tablespace, a logical object, which supports encryption.

Syntax

To create an encrypted tablespace.

CREATE TABLESPACE tablespace_name [ENCRYPTION [=] 'tablespace_encryption_option'];

tablespace_encryption_option:
    N
    | Y
    | AES-256
    | AES-256-GCM
    | AES-128
    | AES-128-GCM
    | AES-192
    | AES-192-GCM
    | SM4-CBC
    | SM4-GCM

To create a tablespace.

  CREATE TABLESPACE tablespace_name
  [ADD DATAFILE 'file_name']
  [FILE_BLOCK_SIZE = value]
  USE LOGFILE GROUP logfile_group
  [EXTENT_SIZE [=] extent_size]
  [INITIAL_SIZE [=] initial_size]
  [AUTOEXTEND_SIZE [=] autoextend_size]
  [MAX_SIZE [=] max_size]
  [NODEGROUP [=] nodegroup_id]
  [WAIT]
  [COMMENT [=] 'string']
  [ENGINE [=] engine_name]

Notice

Only the syntax with the keyword is supported, and the feature does not take effect. This keyword cannot be used with ENCRYPTION. Otherwise, an error will be returned.

Parameters

Parameter	Description
tablespace_name	The name of the tablespace to be created.
ENCRYPTION	Optional. Specifies the keyword to indicate the encryption algorithm used for the tablespace. If you do not specify the encryption algorithm by using the keyword `ENCRYPTION`, an unencrypted tablespace is created by default. For more information about the encryption algorithms, see tablespace_encryption_option.

tablespace_encryption_option

N: indicates that no encryption is performed.
Y: indicates that the default encryption algorithm is AES-256.
AES-256: indicates that 256-bit keys are used for encryption and decryption.
AES-256-GCM: indicates that 256-bit keys are used in GCM mode.
AES-128: indicates that 128-bit keys are used for encryption and decryption.
AES-128-GCM: indicates that 128-bit keys are used in GCM mode.
AES-192: indicates that 192-bit keys are used for encryption and decryption.
AES-192-GCM: indicates that 192-bit keys are used in GCM mode.
SM4-CBC: indicates that the SM4 algorithm is used in CBC mode, where each data block is XORed with the output of the previous block before encryption.
SM4-GCM: indicates that the SM4 algorithm is used in GCM mode, which provides both data encryption and authentication.

Note

AES (Advanced Encryption Standard) is a symmetric encryption algorithm, which means the same key is used for encryption and decryption. AES is a block-based encryption algorithm, which typically encrypts data in 128-bit blocks.
AES-GCM (Galois/Counter Mode) is an operation mode used to process block-based encryption algorithms such as AES, providing both encryption and data authentication (also known as message authentication code).
The block length and key length of the SM4 algorithm are both 128 bits.

Examples

Create an unencrypted tablespace.
```
CREATE TABLESPACE tablespace001;
```
Create an encrypted tablespace by using transparent data encryption (TDE).
1. Set the encryption method to built-in transparent encryption.
```
ALTER SYSTEM SET tde_method = 'internal';
```
2. Display the current encryption method configuration.
```
SHOW PARAMETERS LIKE 'tde_method';
```
3. Generate a new primary encryption key.
```
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```
  Notice
  
  Although the command can be executed, if the disk space is full, the new primary encryption key cannot be generated.
4. Create an encrypted tablespace named tablespace2 by using the SM4-GCM encryption algorithm.
```
CREATE TABLESPACE tablespace002 ENCRYPTION = 'SM4-GCM';
```

References

Previous topic

CREATE TABLEGROUP

Last

Next topic

CREATE USER