show variables like '%encrypt%';

+------------------------------------------+---------+

| Variable_name | Value |

+------------------------------------------+---------+

| aria_encrypt_tables | OFF |

| encrypt_binlog | OFF |

| encrypt_tmp_disk_tables | OFF |

| encrypt_tmp_files | OFF |

| file_key_management_encryption_algorithm | aes_cbc |

| innodb_default_encryption_key_id | 1 |

| innodb_encrypt_log | OFF |

| innodb_encrypt_tables | ON |

| innodb_encryption_rotate_key_age | 1 |

| innodb_encryption_rotation_iops | 100 |

| innodb_encryption_threads | 0 |

+------------------------------------------+————+

The the table is encrypted:

select *

-> from information_schema.innodb_tablespaces_encryption

-> where encryption_scheme=1

-> ;

+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+

+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+

| 35 | mytest/customers_big | 1 | 1 | 1 | 1 | NULL | NULL | 1 |

+-------+----------------------+-------------------+--------------------+-----------------+---------------------+--------------------------+------------------------------+----------------+

1 row in set (0.00 sec)

Mysqldump works fine to backup data but of course it dumps it into plain text and it’s generally a rubbish backup method.

Kind Regards

Lee

On 1 Jun 2016, at 16:13, Guillaume Lefranc <guillaume.lefranc@mariadb.com> wrote:

Hello,

on the contrary, it is clearly stated:

Percona XtraBackup cannot back up instances that use encrypted InnoDB log files.

So, either don't encrypt the log files (potentially unsafe), or use filesystem backups.

Regards
GL

On Wed, Jun 1, 2016 at 5:02 PM Lee Bennett <lee@gravity667.com> wrote:
Hi

We are in the process of setting up data at rest encryption encryption with MariaDB 10.1.13 so we can encrypt specific table. This works without any problem however when I try and backup with Percona Xtrabackup it fails saying table appears to be corrupted:

60601 14:53:46 [01] ...done
160601 14:53:46 [01] Streaming ./mytest/customers_big.ibd
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
160601 14:53:46 >> log scanned up to (3146117051)
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Database page corruption detected at page 1, retrying...
[01] xtrabackup: Error: failed to read page after 10 retries. File ./mytest/customers_big.ibd seems to be corrupted.
[01] xtrabackup: Error: xtrabackup_copy_datafile() failed.
[01] xtrabackup: Error: failed to copy datafile.

This says to me that Xtrabackup isn’t compatible with MariaDB encryption however the documents kind of give the impression it is: https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/

Regards
Lee
_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to : maria-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-discuss
More help : https://help.launchpad.net/ListHelp

--
Guillaume Lefranc
Remote DBA Services Manager
MariaDB Corporation