Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-17267

Document how to encrypt Aria tables on existing server

    XMLWordPrintable

Details

    Description

      We should document how to encrypt Aria tables on an existing server. The documentation doesn't currently say:

      https://mariadb.com/kb/en/library/encrypting-data-for-aria/

      As far as I can tell, an Aria table is only encrypted if aria_encrypt_tables=ON was set when it was created.

      Test

      I tested this by doing the following:

      1.) Start a server with aria_encrypt_tables=OFF.

      2.) Run the following statements:

      USE db1;
      		 
       
      CREATE TABLE aria_tab (
      		 
         id int primary key,
      		 
         str varchar(50)
      		 
      ) ENGINE=Aria ROW_FORMAT=PAGE;
      		 
       
      INSERT INTO aria_tab VALUES (1, 'str1');

      3.) Set aria_encrypt_tables=ON;

      SET GLOBAL aria_encrypt_tables=ON;

      4.) Execute the following:

      $ sudo strings /var/lib/mysql/db1/aria_tab.MAD | grep "str1"
      		 
      str1

      The table does not appear to be encrypted.

      To make sure it's encrypted, it looks like I have to do the following:

      ALTER TABLE aria_tab ENGINE=Aria ROW_FORMAT=PAGE;

      At that point, the table seems to be encrypted:

      $ sudo strings /var/lib/mysql/db1/aria_tab.MAD | grep "str1"

      Generic Process

      So the generic process to enable Aria encryption looks like this:

      1.) Set aria_encrypt_tables=ON.

      SET GLOBAL aria_encrypt_tables=ON;

      Make sure to also set it in the configuration file.

      2.) Find all Aria tables that use the PAGE row_format:

      SELECT TABLE_SCHEMA, TABLE_NAME 
      FROM information_schema.TABLES 
      WHERE ENGINE='Aria' 
      AND ROW_FORMAT='PAGE'
      		 
      AND TABLE_SCHEMA != 'information_schema';

      3.) For each table in the results,rebuild the table:

      ALTER TABLE aria_tab ENGINE=Aria ROW_FORMAT=PAGE;

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-8040 make aria encryption use real keys

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Task - A task that needs to be done. MDEV-14157 Improve documentation of data at rest encryption

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-17268 Document how to safely decrypt Aria tables

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MDEV-17266 Document how to determine which Aria tables are encrypted

          • Major - Major loss of function.
          • Closed

          Activity

            People

              GeoffMontee Geoff Montee (Inactive)
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.