Hi All,
Been playing with encryption in 10.1.4 today and there's a few issues...
Firstly the manualhttps://mariadb.com/kb/en/mariadb/table-encryption/ gives the following example...
"Example my.cnf to enable XtraDB encryption:
[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4"
But doesn't make mention of the fact you need to add..
plugin-load-add=file_key_management.so
for this to work.
Secondly...
With this config..
"plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
file_key_management_filekey = FILE:/home/rcampbel/keyfile.txt
file_key_management_encryption_algorithm = AES_CBC
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads = 4"
I receive the following error...
ERROR Innodb: Tablespace id 0 encrypted but encryption service not available. Can't continue opening tablespace."
Then if I comment out inndob-encrypt-tables we get a step further but it complains..
"unknown option -innodb-encrypt-logs" <- documentation for 10.1.4 says differenthttps://mariadb.com/kb/en/mariadb/table-encryption/
If I change this to...
innodb-encrypt-log
The server then starts up successfully. Here's a snip of some relevant variables...
[cid:image001.png@01D07869.79EBCC60]
After this I do seem to be able to dynamically set innodb_encrypt_tables and create an encrypted table...
[cid:image002.png@01D0786A.287E0B80]
Side note file_key_management_plugin.so is missing from the 10.1.3 .tar.gz bundles
Rhys Campbell
Database Administrator
TradingScreen, Inc.
23 York House, 5th Floor
London WC2B 6UJ
Email: rhys.campbell@tradingscreen.commailto:rhys.campbell@tradingscreen.com
Follow TradingScreen on Twitterhttp://twitter.com/#!/TradingScreen , Facebookhttp://www.facebook.com/pages/TradingScreen/214046251945650 and our blog Trading Smarter