Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18049

Support ENCRYPTED and ENCRYPTION_KEY_ID table options for Aria

Details

    Description

      InnoDB supports manually encrypting tables with the ENCRYPTED and ENCRYPTION_KEY_ID table options:

      https://mariadb.com/kb/en/library/innodb-enabling-encryption/#enabling-encryption-for-manually-encrypted-tablespaces

      Aria does support data-at-rest encryption:

      https://mariadb.com/kb/en/library/aria-encryption-overview/

      But Aria does not currently support manual encryption using these table options:

      https://mariadb.com/kb/en/library/aria-enabling-encryption/#manually-encrypting-tables

      See the following:

      MariaDB [db1]> CREATE TABLE aria_tab (
      		 
          ->    id int primary key,
      		 
          ->    str varchar(50)
      		 
          -> )
      		 
          -> ENGINE = Aria
      		 
          -> ROW_FORMAT=PAGE
      		 
          -> ENCRYPTED = YES
      		 
          -> ENCRYPTION_KEY_ID = 1;
      		 
      ERROR 1911 (HY000): Unknown option 'ENCRYPTED'

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-8587 Aria log encryption

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MDEV-17324 Make information_schema table that shows which Aria tables are encrypted

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. MDEV-18971 Add background encryption threads for Aria

          • Major - Major loss of function.
          • Open

          Task - A task that needs to be done. MDEV-20099 Implement key rotation for Aria

          • Major - Major loss of function.
          • Open

          Activity

            Descending order - Click to sort in ascending order
            GeoffMontee Geoff Montee (Inactive) added a comment -

            Hi f_razzoli,

            Yeah, you just can't do it by setting ENCRYPTED=YES. You have to globally enable encryption for all Aria tables, and then explicitly rebuild the table. See the following documentation section:

            https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables

            e.g.:

            1.) Enable Aria encryption:

            MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON;
            		 
            Query OK, 0 rows affected (0.000 sec)

            2.) Rebuild the table that you want to ensure is encrypted:

            MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria;
            		 
            Query OK, 7 rows affected (0.017 sec)
            		 
            Records: 7  Duplicates: 0  Warnings: 0

            3.) Confirm that the table is encrypted. See the following documentation section for that:

            https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted

            e.g.:

            $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root"

            GeoffMontee Geoff Montee (Inactive) added a comment - Hi f_razzoli , Yeah, you just can't do it by setting ENCRYPTED=YES. You have to globally enable encryption for all Aria tables, and then explicitly rebuild the table. See the following documentation section: https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables e.g.: 1.) Enable Aria encryption: MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON; Query OK, 0 rows affected (0.000 sec) 2.) Rebuild the table that you want to ensure is encrypted: MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria; Query OK, 7 rows affected (0.017 sec) Records: 7 Duplicates: 0 Warnings: 0 3.) Confirm that the table is encrypted. See the following documentation section for that: https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted e.g.: $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root"
            f_razzoli Federico Razzoli added a comment -

            Will it be possible to encrypt Aria tables in mysql database?

            f_razzoli Federico Razzoli added a comment - Will it be possible to encrypt Aria tables in mysql database?
            GeoffMontee Geoff Montee (Inactive) added a comment -

            I added a note about this to the documentation:

            https://mariadb.com/kb/en/library/encrypting-data-for-aria/#enabling-encryption-for-manually-encrypted-tables

            GeoffMontee Geoff Montee (Inactive) added a comment - I added a note about this to the documentation: https://mariadb.com/kb/en/library/encrypting-data-for-aria/#enabling-encryption-for-manually-encrypted-tables

            People

              Unassigned Unassigned
              GeoffMontee Geoff Montee (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.