This post comes from Stewart Smith at the MySQL Performance Blog.
We just released our first alpha of Percona XtraBackup 2.1 for MySQL and with it we included the ability to encrypt backups on the fly (full documentation here).
This feature is different than simply piping the backup stream through
the openssl or gpg binaries, which is what some people have used in the
past. A big benefit of using the built-in encryption is that multiple
CPU cores can be used for encryption (with the
--encrypt-threads option). You can also combine compression and encryption, each using multiple CPU cores.
One advantage of encrypting your backups is it means you can place less trust in the place where you store your backups. Our databases hold a variety of information, some of which is rather sensitive and should be kept private. One attack vector for an adversary gaining access to all of your data is via a backup.
By using Percona XtraBackup encryption your data is private by design rather than private by placing trust in your backup storage provider. This is especially an issue if you are using cloud storage to store your backups but also applies to simple off-site backups.
Percona XtraBackup 2.1.0-alpha1 supports industry standard AES encryption and we use an existing software library (libgcrypt) to do the heavy lifting so we are in no way re-inventing the wheel. You can download it here for free.