MDEV-9422 disabled the key rotation for the encrypted InnoDB redo log, because the used approach of writing multiple key metadata to the checkpoint page did not work.
A better approach would seem to be the following:
- In the redo log checkpoint page, write the current key version identifier.
- When the redo log key is going to be rotated:
- Write a MLOG_KEY_ROTATE record with the information of the new (rotated) key
- Pad the end of the log block, and encrypt this block with the old key.
- Starting from the next log block, encrypt using the rotated key.
This approach has the problem that writing log involves double buffering, and the log block boundaries are not known until the final copying, which happens under mutex protection. It would be simpler to do the following:
- In each encrypted log block, write the encryption key version. (This would reduce the 512-byte logical block payload size from 496 to 492 bytes, or from 97% to 96%.)