[MDEV-11587] Add new configuration variable to disable encryption key rotation Created: 2016-12-16 Updated: 2017-11-14 Resolved: 2017-02-07 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Encryption |
| Fix Version/s: | N/A |
| Type: | Task | Priority: | Major |
| Reporter: | Geoff Montee (Inactive) | Assignee: | Jan Lindström (Inactive) |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | 10.2-rc | ||
| Issue Links: |
|
||||||||
| Description |
|
The key rotation checks process done by the background encryption threads can be quite CPU intensive. See Would it be worth adding a new configuration variable to disable key rotations for users who do not need it, but who still need to set innodb_encryption_treads > 0? |
| Comments |
| Comment by Jan Lindström (Inactive) [ 2017-01-05 ] |
|
Firstly, you need innodb_encryption_threads > 0 if you have innodb-encrypt-tables = [ON|FORCE] and you expect that tables like create table t1(...) engine=innodb; will be encrypted. If you are ok that only tables like create table t2(...) engine=innodb encrypted=yes; will be encrypted you do not need any threads if you do not need key rotation that will work with AWS key management plugin only (currently). |
| Comment by Jan Lindström (Inactive) [ 2017-02-07 ] |
|
I will not add new configuration variable, instead I will re-purpose innodb-encryption-rotate-key-age=0 to indicate no key rotation. |
| Comment by Jan Lindström (Inactive) [ 2017-02-07 ] |
|
Marking this as duplicate of |