Sign InTry Free

Enable Encryption for Disk Spill

When the oom-use-tmp-storage configuration item is set to true, if the memory usage of a single SQL statement exceeds the limit of mem-quota-query setting, some operators can save the intermediate results during execution as a temporary file to the disk and delete the file after the query is completed.

You can enable encryption for disk spill to prevent attackers from accessing data by reading these temporary files.


To enable encryption for the disk spill files, you can configure the item spilled-file-encryption-method in the [security] section of the TiDB configuration file.

[security] spilled-file-encryption-method = "aes128-ctr"

Value options for spilled-file-encryption-method are aes128-ctr and plaintext. The default value is plaintext, which means that encryption is disabled.

Download PDF
One-stop & interactive experience of TiDB's capabilities WITHOUT registration.
TiDB Dedicated
TiDB Serverless
Get Demo
Get Started
© 2024 PingCAP. All Rights Reserved.
Privacy Policy.