MySQL has InnoDB data encryption, and Galera Cluster has supported it since it appeared in the main server. The one thing that was not covered was the encryption of the Galera Cache (the galera.cache file).

Here is a simple extract from the binlog.000001 files.

strings binlog.* |grep Custom |wc -l
10000
strings galera.cache |grep Custom |wc -l
10000

strings galera.cache|tail -10
Customer9100
Customer9099
Customer9098
Customer9097
Customer9096
Customer9095
Customer9094
Customer9093
Customer9092
Customer9091

You need to edit your /etc/my.cnf to include:

early-plugin-load=keyring_file.so
keyring_file_data=/var/lib/mysql-keyring/keyring

Note that in this example we are using the keyring_file plugin, which stores keyring data in a file on the local server host. This is not intended for regulatory compliance. You need to use a key management server that protects encryption keys in key vaults or hardware …