Details
-
New Feature
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
InnoDB supports manually encrypting tables with the ENCRYPTED and ENCRYPTION_KEY_ID table options:
Aria does support data-at-rest encryption:
https://mariadb.com/kb/en/library/aria-encryption-overview/
But Aria does not currently support manual encryption using these table options:
https://mariadb.com/kb/en/library/aria-enabling-encryption/#manually-encrypting-tables
See the following:
MariaDB [db1]> CREATE TABLE aria_tab (
|
-> id int primary key,
|
-> str varchar(50)
|
-> )
|
-> ENGINE = Aria
|
-> ROW_FORMAT=PAGE
|
-> ENCRYPTED = YES
|
-> ENCRYPTION_KEY_ID = 1;
|
ERROR 1911 (HY000): Unknown option 'ENCRYPTED'
|
Attachments
Issue Links
- relates to
-
MDEV-8587 Aria log encryption
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
Activity
Hi f_razzoli,
Yeah, you just can't do it by setting ENCRYPTED=YES. You have to globally enable encryption for all Aria tables, and then explicitly rebuild the table. See the following documentation section:
https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables
e.g.:
1.) Enable Aria encryption:
MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON;
|
Query OK, 0 rows affected (0.000 sec)
|
2.) Rebuild the table that you want to ensure is encrypted:
MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria;
|
Query OK, 7 rows affected (0.017 sec)
|
Records: 7 Duplicates: 0 Warnings: 0
|
3.) Confirm that the table is encrypted. See the following documentation section for that:
https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted
e.g.:
$ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root"
|
I added a note about this to the documentation:
https://mariadb.com/kb/en/library/encrypting-data-for-aria/#enabling-encryption-for-manually-encrypted-tables