secure_delete — Overwrite deleted content with zeros

Common Usage

PRAGMA secure_delete;
PRAGMA secure_delete = switch;
PRAGMA database.secure_delete;
PRAGMA database.secure_delete = switch;


The secure_delete pragma is used to control how content is deleted from the database. Normally, deleted content is simply marked as unused. If the secure_delete flag is on, deleted content is first overwritten with a series of 0 byte values, removing the deleted values from the database file. The default value for the secure delete flag is normally off, but this can be changed with the SQLITE_SECURE_DELETE build option.

If a database name is given, the flag will be get or set for just that database. If no database name is given, setting the value will set it for all attached databases, while getting the value will return the current value for the main database. Newly attached databases will take on the same value as the main database.

Be aware that SQLite cannot securely delete information from the underlying storage device. If the write operation causes the filesystem to allocate a new device-level block, the old data may still exist on the raw device. There is also a slight performance penalty associated with this directive.

The secure_delete flag is stored in the page cache. If shared cache mode is enabled, changing this flag on one database connection will cause the flag to be changed for all database connections sharing that cache instance.

Get Using SQLite now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.