Percona XtraBackup moved to https://jira.percona.com/projects/PXB

Suport InnoDB tablespace encryption

Registered by Sergei Glushchenko on 2016-02-16

Encryption has been added to InnoDB since MySQL 5.7.11. It is similar to page compression, i.e. is implemented outside InnoDB just by applying transformation to pages upon read and write. Link https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html

xtrabackup has to be able to copy and prepare encrypted tablespaces. Further investigation is needed, but it looks like xtrabackup will require master key to deal with encrypted tablespaces.

Blueprint information

Status:: Complete

Approver:: None

Priority:: High

Drafter:: Sergei Glushchenko

Direction:: Needs approval

Assignee:: Sergei Glushchenko

Definition:: New

Series goal:: Accepted for 2.4

Implementation:: Implemented

Milestone target:: 2.4.2

Started by: Sergei Glushchenko on 2016-03-22

Completed by: Sergei Glushchenko on 2016-03-28

Related branches

Related bugs

Sprints

Whiteboard

In order to backup and prepare database containing encrypted InnoDB
tablespaces, one must specify path to keyring file using
'--keyring-file-data' and server id using '--server-id' options.

Backup preparation with '--export' option will also create .cfp files
for encrypted tablespaces. They can later be imported using 'ALTER TABLE
IMPORT TABLESPACE'.

Xtrabackup will not copy keyring file into the backup directory. In
order to be able to prepare the backup, one must make a copy of keyring
file himself.

Options --keyring-file-data and --server-id are recognised by xtrabackup
binary only, i.e. innobackupex will not be able to backup and prepare
encrypted tablespaces.

server-id is stored in backup-my.cnf, so it can be omitted for --prepare.

(?)

Work Items

Dependency tree

* Blueprints in grey have been implemented.

This blueprint contains Public information

Everyone can see this information.

Subscribers

No subscribers.