We should document how to encrypt Aria tables on an existing server. The documentation doesn't currently say:

https://mariadb.com/kb/en/library/encrypting-data-for-aria/

As far as I can tell, an Aria table is only encrypted if aria_encrypt_tables=ON was set when it was created.

Test

I tested this by doing the following:

1.) Start a server with aria_encrypt_tables=OFF.

2.) Run the following statements:

USE db1;

CREATE TABLE aria_tab (

   id int primary key,

   str varchar(50)

) ENGINE=Aria ROW_FORMAT=PAGE;

INSERT INTO aria_tab VALUES (1, 'str1');

3.) Set aria_encrypt_tables=ON;

SET GLOBAL aria_encrypt_tables=ON;

4.) Execute the following:

$ sudo strings /var/lib/mysql/db1/aria_tab.MAD | grep "str1"

str1

The table does not appear to be encrypted.

To make sure it's encrypted, it looks like I have to do the following:

ALTER TABLE aria_tab ENGINE=Aria ROW_FORMAT=PAGE;

At that point, the table seems to be encrypted:

$ sudo strings /var/lib/mysql/db1/aria_tab.MAD | grep "str1"

Generic Process

So the generic process to enable Aria encryption looks like this:

1.) Set aria_encrypt_tables=ON.

SET GLOBAL aria_encrypt_tables=ON;

Make sure to also set it in the configuration file.

2.) Find all Aria tables that use the PAGE row_format:

SELECT TABLE_SCHEMA, TABLE_NAME 

FROM information_schema.TABLES 

WHERE ENGINE='Aria' 

AND ROW_FORMAT='PAGE'

AND TABLE_SCHEMA != 'information_schema';

3.) For each table in the results,rebuild the table:

ALTER TABLE aria_tab ENGINE=Aria ROW_FORMAT=PAGE;