Volitank t1_izd4clg wrote
Reply to comment by happyscrappy in Apple announces plans to encrypt iCloud data on its servers, including full backups, photos and notes. by [deleted]
The accounts that read the data would likely have a method of utilizing the keys. I would assume a different key per account.
Authentication is handled separately from the database itself. A breach of a single database host, even as root, would not mean you're able to view the data in plain text or have access to the keys.
It could be decrypted in stream. User authenticates into the system, it then grabs the encrypted data in the database, decrypts it outside of that host using their key and sends them the decrypted data.
Of course I don't know Apple's infrastructure exactly but encryption is definitely not useless in this regard.