$ cat keyfile
|
1;d2826644f7ce1fadbb11534b062618e100a3e8a3eea671faaffd7cb20196829d
|
2;a1ecfbe7b6118151200e28d10c496fae6f8b48665c5ae040f82242b4cd66f280
|
Then start a server with a fresh data dir with:
# Update path as needed
|
--plugin-load-add=file_key_management.so --file-key-management-filename="${PWD}/keyfile"
|
Then execute:
SET SESSION innodb_default_encryption_key_id=1;
|
SET GLOBAL innodb_encrypt_tables=ON;
|
CREATE TABLE t1 (c INT) ENGINE=InnoDB;
|
|
SET SESSION innodb_default_encryption_key_id=2;
|
SET GLOBAL innodb_encrypt_tables=OFF;
|
SELECT @@GLOBAL.innodb_encrypt_tables; # Confirmed off (and there is no @@SESSION.innodb_encrypt_tables var)
|
CREATE TABLE t2 (c INT) ENGINE=InnoDB;
|
|
SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 't%';
|
Stop the server and observe that ENCRYPTION_KEY_ID 2 was used:
$ grep --binary-files=text -o 'ENCRYPTION_KEY_ID...' data/test/t2.frm
|
ENCRYPTION_KEY_ID2
|
This should not be the case as innodb_encrypt_tables was set to OFF.
Additionally, the SELECT query reports only t1 to be using encryption:
CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Optimized) Build 15/02/2025
|
11.8.1-opt>SELECT NAME, ENCRYPTION_SCHEME, CURRENT_KEY_ID FROM information_schema.INNODB_TABLESPACES_ENCRYPTION WHERE NAME LIKE 't%';
|
+---------+-------------------+----------------+
|
| NAME | ENCRYPTION_SCHEME | CURRENT_KEY_ID |
|
+---------+-------------------+----------------+
|
| test/t1 | 1 | 1 |
|
+---------+-------------------+----------------+
|
Present in 10.5-12.0