Details
-
New Feature
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Aria does not currently have background encryption threads like InnoDB does.
https://mariadb.com/kb/en/library/innodb-background-encryption-threads/
This means that if you change the value of aria_encrypt_tables, then you need to manually rebuild existing tables with a process like this:
https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables
e.g.:
1.) Enable Aria encryption:
MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON;
|
Query OK, 0 rows affected (0.000 sec)
|
2.) Rebuild the table that you want to ensure is encrypted:
MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria;
|
Query OK, 7 rows affected (0.017 sec)
|
Records: 7 Duplicates: 0 Warnings: 0
|
3.) Confirm that the table is encrypted. See the following documentation section for that:
https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted
e.g.:
$ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root"
|
I suspect that a table would also have to be manually rebuilt after a key rotation.
Attachments
Issue Links
- blocks
-
MDEV-20099 Implement key rotation for Aria
-
- Open
-
- relates to
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
-
-
- Open
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Link | This issue relates to MDEV-17324 [ MDEV-17324 ] |
| Link | This issue relates to MDEV-18049 [ MDEV-18049 ] |
| Description |
Aria does not currently have background encryption threads like InnoDB does. If you change the value of aria_encrypt_tables, then you need to rebuild existing tables with a process like this:
https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables e.g.: 1.) Enable Aria encryption: {noformat} MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON; Query OK, 0 rows affected (0.000 sec) {noformat} 2.) Rebuild the table that you want to ensure is encrypted: {noformat} MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria; Query OK, 7 rows affected (0.017 sec) Records: 7 Duplicates: 0 Warnings: 0 {noformat} 3.) Confirm that the table is encrypted. See the following documentation section for that: https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted e.g.: {noformat} $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root" {noformat} |
Aria does not currently have background encryption threads like InnoDB does.
https://mariadb.com/kb/en/library/innodb-background-encryption-threads/ This means that if you change the value of aria_encrypt_tables, then you need to manually rebuild existing tables with a process like this: https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables e.g.: 1.) Enable Aria encryption: {noformat} MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON; Query OK, 0 rows affected (0.000 sec) {noformat} 2.) Rebuild the table that you want to ensure is encrypted: {noformat} MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria; Query OK, 7 rows affected (0.017 sec) Records: 7 Duplicates: 0 Warnings: 0 {noformat} 3.) Confirm that the table is encrypted. See the following documentation section for that: https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted e.g.: {noformat} $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root" {noformat} |
| Description |
Aria does not currently have background encryption threads like InnoDB does.
https://mariadb.com/kb/en/library/innodb-background-encryption-threads/ This means that if you change the value of aria_encrypt_tables, then you need to manually rebuild existing tables with a process like this: https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables e.g.: 1.) Enable Aria encryption: {noformat} MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON; Query OK, 0 rows affected (0.000 sec) {noformat} 2.) Rebuild the table that you want to ensure is encrypted: {noformat} MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria; Query OK, 7 rows affected (0.017 sec) Records: 7 Duplicates: 0 Warnings: 0 {noformat} 3.) Confirm that the table is encrypted. See the following documentation section for that: https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted e.g.: {noformat} $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root" {noformat} |
Aria does not currently have background encryption threads like InnoDB does.
https://mariadb.com/kb/en/library/innodb-background-encryption-threads/ This means that if you change the value of aria_encrypt_tables, then you need to manually rebuild existing tables with a process like this: https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables e.g.: 1.) Enable Aria encryption: {noformat} MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON; Query OK, 0 rows affected (0.000 sec) {noformat} 2.) Rebuild the table that you want to ensure is encrypted: {noformat} MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria; Query OK, 7 rows affected (0.017 sec) Records: 7 Duplicates: 0 Warnings: 0 {noformat} 3.) Confirm that the table is encrypted. See the following documentation section for that: https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted e.g.: {noformat} $ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root" {noformat} I suspect that a table would also have to be manually rebuilt after a key rotation. |
| Assignee | Michael Widenius [ monty ] |
| Link | This issue relates to MDEV-20099 [ MDEV-20099 ] |
| Link | This issue blocks MDEV-20099 [ MDEV-20099 ] |
| Fix Version/s | 10.5 [ 23123 ] | |
| Assignee | Michael Widenius [ monty ] |
| Workflow | MariaDB v3 [ 93373 ] | MariaDB v4 [ 131013 ] |
| Labels | synchronization |
| Labels | synchronization |
| Labels | synchronization |
| Labels | synchronization |
| Issue Type | Task [ 3 ] | New Feature [ 2 ] |