v.25.3Improvement

Encryption (the attribute encrypted_by) can now be

Official CH changelog text
Encryption (the attribute encrypted_by) can now be applied to any configuration file (config.xml, users.xml, nested configuration files). Previously, it worked only for the top-level config.xml file. #75911 (Mikhail Gorshkov).
Encryption using the encrypted_by attribute can now be applied to any ClickHouse configuration file, including config.xml, users.xml, and nested configuration files, extending beyond the previous limitation of top-level config.xml only.

Why it matters

This feature enhances security by allowing encryption of all configuration files, not just the main config.xml. It protects sensitive configuration data across the entire ClickHouse setup, ensuring consistent confidentiality and reducing exposure risks.

How to use it

Apply the encrypted_by attribute to any configuration file in the ClickHouse configuration directory. This attribute enables encryption of that specific config file. The encryption works transparently during ClickHouse startup without additional user intervention.

Related resources

PreviousNext