[MDEV-14610] Add syntax to manually encrypt/decrypt InnoDB's system tablespace Created: 2017-12-08  Updated: 2020-08-25  Resolved: 2018-06-07

Status: Closed
Project: MariaDB Server
Component/s: Encryption, Storage Engine - InnoDB
Fix Version/s: N/A

Type: Task Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Jan Lindström (Inactive)
Resolution: Duplicate Votes: 1
Labels: encryption, gsoc18, innodb

Issue Links:
Relates
relates to MDEV-14398 When innodb_encryption_rotate_key_age... Closed
relates to MDEV-14157 Improve documentation of data at rest... Closed
relates to MDEV-14571 mysql_install_db does not encrypt sys... Closed

 Description   

Currently, the InnoDB system tablespace can only be automatically encrypted/decrypted by the background encryption threads if innodb_encrypt_tables=ON|FORCE, innodb_encryption_threads>0, and innodb_encryption_rotate_key_age>0. There is no way to manually encrypt/decrypt the tablespace.

File-per-table tablespaces can be manually encrypted with:

ALTER TABLE tab ENCRYPTION=YES;

File-per-table tablespaces can be manually decrypted with:

ALTER TABLE tab ENCRYPTION=NO;

Some users want a similar method that would allow them to manually encrypt/decrypt the InnoDB system tablespace.

This is loosely related to MDEV-14571, since both issues are related to the fact that the system tablespace can only be encrypted/decrypted by the background threads.

 Comments   
Comment by Sergei Golubchik [ 2017-12-28 ]

may be it shouldn't be done at all, if MDEV-14398 is implemented so that innodb_encryption_rotate_key_age would only apply to rotation, not to en- and decryption.

Comment by Ralf Gebhardt [ 2018-06-07 ]

Will be closed as part of MDEV-14398

Generated at Thu Feb 08 08:14:55 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.