MariaDB Server / MDEV-9639

Galera Cluster files (galera.cache, others) and slow log/general log are not encrypted when encryption is enabled

Details

    • New Feature
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • Encryption
    • None

    Description

      All data points of MariaDB 10.1.11 can be encrypted except:
      Galera gcache + galera replication data (UPDATE - encrypted now)
      Relay logs (UPDATE - encrypted now)
      General log / slow query log

      Please make those encryptable. Thank you!

        Activity

          cezmunsta Ceri Williams added a comment -

          The limitation description is deceptive:

          File-based general query log and slow query log cannot be encrypted (MDEV-9639).

          When using SET GLOBAL log_output = "TABLE" you would clearly consider this to no longer be FILE, despite the CSV engine writing files that are human readable.


          tanj Guillaume Lefranc added a comment -

          Galera replication data can be encrypted using SSL:

          http://galeracluster.com/documentation-webpages/ssl.html

          kolbe Kolbe Kegel (Inactive) added a comment -

          The Aria engine can be used for the log tables, and Aria tables can be encrypted. However, the Aria log is not currently encrypted, so Aria-based log tables end up being not a very good solution.

          nirbhay_c Nirbhay Choubey (Inactive) added a comment -

          It's indeed a better choice to enable encryption for CSV engine and switch to table-based logs for encryption.
          OTOH, encrypting log files would call for a new viewer tool capable of decrypting these files.

          kolbe Kolbe Kegel (Inactive) added a comment - I added a note about these limitations to https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#limitations .
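
An added example, not part of the issue or of any commenter's post: a read-only audit query that applies the points raised in the comments above (file-based logs cannot be encrypted, CSV log tables are human readable on disk, Aria tables can be encrypted but the Aria log is not). It assumes MariaDB 10.1 or later and an account that can read global variables and information_schema; the status wording is this example's own.

```sql
-- Added audit example (not from the issue thread). Read-only.
-- Lists every destination the general/slow query logs currently write to
-- and how this thread characterises its at-rest protection.

-- File destinations: reported only when log_output includes FILE.
SELECT 'general_log_file'          AS destination,
       @@global.general_log_file   AS location,
       IF(@@global.general_log = 1, 'enabled', 'disabled') AS log_state,
       'plaintext file; cannot be encrypted (MDEV-9639)'   AS at_rest_status
FROM DUAL
WHERE FIND_IN_SET('FILE', @@global.log_output) > 0
UNION ALL
SELECT 'slow_query_log_file',
       @@global.slow_query_log_file,
       IF(@@global.slow_query_log = 1, 'enabled', 'disabled'),
       'plaintext file; cannot be encrypted (MDEV-9639)'
FROM DUAL
WHERE FIND_IN_SET('FILE', @@global.log_output) > 0
UNION ALL
-- Table destinations: mysql.general_log and mysql.slow_log, classified by
-- the storage engine they actually use.
SELECT CONCAT(t.TABLE_SCHEMA, '.', t.TABLE_NAME),
       CONCAT('engine=', t.ENGINE, ', row_format=', IFNULL(t.ROW_FORMAT, '?')),
       CASE t.TABLE_NAME
         WHEN 'general_log' THEN IF(@@global.general_log = 1, 'enabled', 'disabled')
         ELSE IF(@@global.slow_query_log = 1, 'enabled', 'disabled')
       END,
       CASE
         WHEN t.ENGINE = 'CSV'
           THEN 'plaintext; CSV data file is human readable'
         WHEN t.ENGINE = 'Aria' AND @@global.aria_encrypt_tables = 1
           THEN 'Aria table encryption on; Aria log itself is not encrypted'
         WHEN t.ENGINE = 'Aria'
           THEN 'Aria table encryption off (aria_encrypt_tables=0)'
         ELSE 'engine not covered in this thread; verify separately'
       END
FROM information_schema.TABLES AS t
WHERE t.TABLE_SCHEMA = 'mysql'
  AND t.TABLE_NAME IN ('general_log', 'slow_log')
  AND FIND_IN_SET('TABLE', @@global.log_output) > 0;
```

An empty result means log_output is NONE, so neither log is being written to a file or a table.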

          People

            Unassigned Unassigned
            arubin Alexander Rubin
            Votes: 5
            Watchers: 21
