AgilData Zero is an encryption gateway for MySQL that encrypts sensitive data on the way into the database, and decrypts result sets on the way back out.
Even if the database server is compromised and an unauthorized user is able to log in and run SQL queries, no sensitive data is revealed. This contrasts with the traditional approach that databases take, where data is encrypted only in transit and at rest, but is available in plain text to anyone who can log in and run queries.
AgilData Zero is currently a proof-of-concept project. The main limitations are:
- Subset of MySQL syntax supported (just enough to run TPC-C benchmarks)
- Depends on rust-crypto which is not recommended for production use
- Query planner handles only a subset of the validation required to ensure no unencrypted data can leak to the database server
- Encryption keys are stored in clear text in the encryption gateway configuration file
Full documentation is available at https://agildata.github.io/agildata-zero/