Suport InnoDB tablespace encryption
Encryption has been added to InnoDB since MySQL 5.7.11. It is similar to page compression, i.e. is implemented outside InnoDB just by applying transformation to pages upon read and write. Link https:/
xtrabackup has to be able to copy and prepare encrypted tablespaces. Further investigation is needed, but it looks like xtrabackup will require master key to deal with encrypted tablespaces.
Blueprint information
- Status:
- Complete
- Approver:
- None
- Priority:
- High
- Drafter:
- Sergei Glushchenko
- Direction:
- Needs approval
- Assignee:
- Sergei Glushchenko
- Definition:
- New
- Series goal:
- Accepted for 2.4
- Implementation:
- Implemented
- Milestone target:
- 2.4.2
- Started by
- Sergei Glushchenko
- Completed by
- Sergei Glushchenko
Related branches
Related bugs
Sprints
Whiteboard
In order to backup and prepare database containing encrypted InnoDB
tablespaces, one must specify path to keyring file using
'--keyring-
Backup preparation with '--export' option will also create .cfp files
for encrypted tablespaces. They can later be imported using 'ALTER TABLE
IMPORT TABLESPACE'.
Xtrabackup will not copy keyring file into the backup directory. In
order to be able to prepare the backup, one must make a copy of keyring
file himself.
Options --keyring-file-data and --server-id are recognised by xtrabackup
binary only, i.e. innobackupex will not be able to backup and prepare
encrypted tablespaces.
server-id is stored in backup-my.cnf, so it can be omitted for --prepare.
Work Items
Dependency tree
* Blueprints in grey have been implemented.