At startup the keys will be read once and kept in memory. Normally you are not going to encrypt 1000 tables, because you just encrypt the content that is confidential. But yes, each key has to be in memory. Or you use an external encryption/key server that handles the encryption and the key management outside the DB.

We enhanced the concept so that it is possible to deliver the key manually at server startup. You can have it e.g. on a pendrive and start the server with the keys as a backup.



On 17.06.2014 at 18:55, Roberto Spadim <roberto@spadim.com.br> wrote:

humm, now i'm thinking as a data warehouse
think about installing a server (server 1) somewhere (maybe the Sahara desert).... i connect the "server 1" to the internet, and configure the server uri to point to my central server (server central), maybe at the moon

when the mysqld/mariadbd starts, will it contact the central server and get all keys, or only get keys when i need them? for example a server with 1000 tables and 1000 different keys, are they all stored in memory at boot time, or only when i need read/write access to that table?

if i remove the internet link, the "server 1" will not read tables, right?
in this case, if i have the keyfile on a pendrive, or a cd or dvd, could i redirect it to a key file and start the database, as a backup solution?