[MDEV-18971] Add background encryption threads for Aria Created: 2019-03-19  Updated: 2023-11-30

Status: Open
Project: MariaDB Server
Component/s: Encryption, Storage Engine - Aria
Fix Version/s: None

Type: New Feature Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Blocks
blocks MDEV-20099 Implement key rotation for Aria Open
Relates
relates to MDEV-8587 Aria log encryption Open
relates to MDEV-20099 Implement key rotation for Aria Open
relates to MDEV-17324 Make information_schema table that sh... Open
relates to MDEV-18049 Support ENCRYPTED and ENCRYPTION_KEY_... Open

 Description   

Aria does not currently have background encryption threads like InnoDB does.

https://mariadb.com/kb/en/library/innodb-background-encryption-threads/

This means that if you change the value of aria_encrypt_tables, then you need to manually rebuild existing tables with a process like this:

https://mariadb.com/kb/en/library/aria-enabling-encryption/#encrypting-existing-tables

e.g.:

1.) Enable Aria encryption:

MariaDB [(none)]> SET GLOBAL aria_encrypt_tables=ON;
 
Query OK, 0 rows affected (0.000 sec)

2.) Rebuild the table that you want to ensure is encrypted:

MariaDB [(none)]> ALTER TABLE mysql.global_priv ENGINE=Aria;
 
Query OK, 7 rows affected (0.017 sec)
 
Records: 7  Duplicates: 0  Warnings: 0

3.) Confirm that the table is encrypted. See the following documentation section for that:

https://mariadb.com/kb/en/library/aria-encryption-overview/#determining-whether-a-table-is-encrypted

e.g.:

$ sudo strings /var/lib/mysql/mysql/global_priv.MAD | grep "root"

I suspect that a table would also have to be manually rebuilt after a key rotation.
Generated at Thu Feb 08 08:48:07 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.