In addition to the below flow…

 

Adding both, or either one of…

aria-encrypt-tables=1
encrypt-tmp-disk-tables=1

 

Results in a crash on startup…

 

 

From: Maria-discuss [mailto:maria-discuss-bounces+rhys.campbell=tradingscreen.com@lists.launchpad.net] On Behalf Of Rhys Campbell
Sent: 16 April 2015 17:24
To: maria-discuss@lists.launchpad.net
Subject: [Maria-discuss] Table encryption 10.1.4

 

Hi All,

 

Been playing with encryption in 10.1.4 today and there’s a few issues…

 

Firstly the manual gives the following example…

 

“Example my.cnf to enable XtraDB encryption:

[mysqld]
file-key-management
file-key-management-filename = /mount/usb1/keys.txt
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads=4”

 

But doesn’t make mention of the fact you need to add..

 

plugin-load-add=file_key_management.so

 

for this to work.

 

Secondly…

 

With this config..


“plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /home/rcampbel/key.enc
file_key_management_filekey = FILE:/home/rcampbel/keyfile.txt
file_key_management_encryption_algorithm = AES_CBC
innodb-encrypt-tables
innodb-encrypt-logs
innodb-encryption-threads = 4”

 

I receive the following error…

 

“ERROR Innodb: Tablespace id 0 encrypted but encryption service not available. Can’t continue opening tablespace.”

 

Then if I comment out innodb-encrypt-tables we get a step further but it complains..

 

“unknown option --innodb-encrypt-logs” <- documentation for 10.1.4 says different

 

If I change this to…

 

innodb-encrypt-log

 

The server then starts up successfully. Here’s a snip of some relevant variables…

 

 

After this I do seem to be able to dynamically set innodb_encrypt_tables and create an encrypted table…

 

 

 

Side note: file_key_management_plugin.so is missing from the 10.1.3 .tar.gz bundles.

 

 

Rhys Campbell

Database Administrator

TradingScreen, Inc.

23 York House, 5th Floor

London WC2B 6UJ

Email: rhys.campbell@tradingscreen.com

 

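A pre-start check of a my.cnf for the problems reported in this thread, written as an added example (it is not part of the original messages and is not MariaDB tooling). It encodes only the 10.1.4 behaviour the poster describes; the function names, finding codes and messages are made up for illustration.

```python
import re
# Findings encode what the poster reported for MariaDB 10.1.4 only.
PLUGIN = "file_key_management"
REPORTED = {  # normalised option name -> (code, message)
    "innodb_encrypt_logs": ("unknown-option", "rejected; innodb-encrypt-log was accepted"),
    "innodb_encrypt_tables": ("startup-error", "'encryption service not available' at startup"),
    "aria_encrypt_tables": ("startup-crash", "reported to crash the server on startup"),
    "encrypt_tmp_disk_tables": ("startup-crash", "reported to crash the server on startup"),
}
OFF = {"0", "off", "false"}

def parse_mysqld(text):
    """Return {option: [values]} for [mysqld]; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            key = name.strip().lower().replace("-", "_")
            opts.setdefault(key, []).append(value.strip())
    return opts

def check(text):
    """Return (code, option, message) findings; a bare option counts as enabled."""
    opts = parse_mysqld(text)
    findings = []
    loads = opts.get("plugin_load", []) + opts.get("plugin_load_add", [])
    if any(k.startswith(PLUGIN) for k in opts) and not any(PLUGIN in v for v in loads):
        findings.append(("plugin-not-loaded", PLUGIN, "add plugin-load-add=file_key_management.so"))
    for key, (code, msg) in REPORTED.items():
        if key in opts and opts[key][-1].lower() not in OFF:  # last value wins
            findings.append((code, key, msg))
    return findings

# Constructed sample: the manual's example as quoted in the post.
MANUAL_EXAMPLE = "\n".join([
    "[mysqld]", "file-key-management",
    "file-key-management-filename = /mount/usb1/keys.txt",
    "innodb-encrypt-tables", "innodb-encrypt-logs", "innodb-encryption-threads=4",
])

if __name__ == "__main__":
    for finding in check(MANUAL_EXAMPLE):
        print(*finding, sep=": ")
```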