  1. MariaDB Server
  2. MDEV-9639

Galera Cluster files (galera.cache, others) and slow log/general log are not encrypted when encryption is enabled

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • Encryption
    • None

    Description

      All data points of MariaDB 10.1.11 can be encrypted except:
      Galera gcache + galera replication data (UPDATE - encrypted now)
      Relay logs (UPDATE - encrypted now)
      General log / slow query log

      Please make those encryptable. Thank you!


        Activity

          kolbe Kolbe Kegel (Inactive) added a comment - I added a note about these limitations to https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#limitations .


          nirbhay_c Nirbhay Choubey (Inactive) added a comment - It's indeed a better choice to enable encryption for CSV engine and switch to table-based logs for encryption. OTOH, encrypting log files would call for a new viewer tool capable of decrypting these files.


          kolbe Kolbe Kegel (Inactive) added a comment - The Aria engine can be used for the log tables, and Aria tables can be encrypted. However, the Aria log is not currently encrypted, so Aria-based log tables end up being not a very good solution.


          tanj Guillaume Lefranc added a comment - Galera replication data can be encrypted using SSL: http://galeracluster.com/documentation-webpages/ssl.html
          cezmunsta Ceri Williams added a comment -

          The limitation description is deceptive:

          File-based general query log and slow query log cannot be encrypted (MDEV-9639).

          When using SET GLOBAL log_output = "TABLE" you would clearly consider this to no longer be FILE, despite the CSV engine writing files that are human readable.

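The last comment's point, that log_output = "TABLE" still leaves human-readable CSV files on disk, can be checked against a data directory. The following Python check is an added example, not part of this issue or of MariaDB's code; it looks at the CSV-engine files of the mysql.general_log and mysql.slow_log tables plus any file-based log paths the caller supplies, and the db1-slow.log name and all sample contents are constructed assumptions.

```python
import os
import tempfile

# CSV-engine data files behind log_output=TABLE (tables mysql.general_log / mysql.slow_log).
TABLE_LOG_FILES = {"mysql/general_log.CSV": "general log (CSV table)",
                   "mysql/slow_log.CSV": "slow log (CSV table)"}

def looks_plaintext(path, sample=4096, threshold=0.95):
    """Heuristic: True if the first `sample` bytes are almost all printable ASCII."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) >= threshold

def audit_datadir(datadir, file_logs=()):
    """Return sorted (relative path, kind) for query-log files that read as plaintext.

    file_logs: paths relative to datadir for general_log_file / slow_query_log_file
    (assumption: the caller takes them from the server configuration).
    """
    targets = dict(TABLE_LOG_FILES)
    targets.update({p: "file-based query log" for p in file_logs})
    findings = []
    for rel, kind in targets.items():
        path = os.path.join(datadir, *rel.split("/"))
        if os.path.isfile(path) and looks_plaintext(path):
            findings.append((rel, kind))
    return sorted(findings)

def build_sample_datadir():
    """Constructed sample data directory; file contents are illustrative only."""
    root = tempfile.mkdtemp(prefix="datadir-")
    os.makedirs(os.path.join(root, "mysql"))
    samples = {
        "mysql/general_log.CSV":
            b'"2016-02-26 10:00:00","app[app] @ localhost []",7,1,"Query","SELECT secret FROM t1"\n',
        "mysql/slow_log.CSV": bytes(range(256)) * 16,  # stand-in for non-readable content
        "db1-slow.log": b"# Time: 160226 10:00:01\nSELECT secret FROM t1 WHERE id=1;\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(body)
    return root

if __name__ == "__main__":
    for rel, kind in audit_datadir(build_sample_datadir(), file_logs=["db1-slow.log"]):
        print(f"plaintext {kind}: {rel}")
```

The printable-byte ratio is only a heuristic for "readable without a key"; a file that passes it should still be reviewed against the server's encryption settings.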

          People

            Unassigned Unassigned
            arubin Alexander Rubin
            Votes: 5
            Watchers: 21
