Securing MariaDB: Data-at-Rest Encryption and Reliable Backups
Databases

Securing MariaDB: Data-at-Rest Encryption and Reliable Backups

  • Author :Liam K.
  • Date :March 08, 2026
  • Time :13 minutes

Goals

Encrypt data-at-rest to protect against stolen disks and ensure backups are encrypted and restorable.

TDE via Filesystem

If MariaDB doesn't support native TDE in your build, prefer encrypting the filesystem (LUKS) for the data directory and secure key management.

Encrypted Offsite Backups

Use restic or duplicity to create encrypted backups and push to S3-compatible storage:

bash
# initialize restic repository
restic init -r s3:s3.amazonaws.com/mybucket
# backup mysql dump
mysqldump -u root -p mydb > /tmp/mydb.sql
restic -r s3:s3.amazonaws.com/mybucket backup /tmp/mydb.sql

Technical Author

Technical Author - Liam K.
Liam K.

System administrator and technical writer specializing in server infrastructure, security and deployment. Creating comprehensive guides to help you master server administration.

Related Guides

Ansible Dynamic Inventory for AWS at Scale
Ansible Dynamic Inventory for AWS at Scale

March 08, 2026

Ansible for Server Automation: Playbooks, Roles and Idempotence
Ansible for Server Automation: Playbooks, Roles and Idempotence

March 08, 2026

Ansible Role Testing with Molecule and CI Pipelines
Ansible Role Testing with Molecule and CI Pipelines

March 08, 2026

Topics