20.13 Encryption Options

These options are for creating encrypted single-file backups and for decrypting them. See Chapter 10, Encryption for Backups for more details and usage examples for the encryption and decryption functions of MySQL Enterprise Backup.

  • --encrypt

    Encrypt the data when creating a backup image by a backup-to-image operation, or when packing a backup directory into a single file with the backup-dir-to-image command. It cannot be used with the backup or backup-and-apply-log command.

  • --decrypt

    Decrypt an encrypted backup image when performing an extract, image-to-backup-dir, or copy-back-and-apply-log operation. It is also used for performing a validate or list-image operation on an encrypted backup image.

    The option cannot be used in a apply-log, backup-and-apply-log, or copy-back operation. For restoration using the copy-back command, the encrypted backup image has to be unpacked and decrypted first using the image-to-backup-dir or extract command, together with the --decrypt option.

  • --key=STRING

    Command-Line Format --key=KEY
    Type String

    The symmetric key for encryption and decryption of a backup image. It should be a 256-bit key, encoded as a string of 64 hexadecimal digits. See Chapter 10, Encryption for Backups on how to create a key. The option is incompatible with the --key-file option.

  • --key-file=PATH

    Command-Line Format --key-file=FILE
    Type File name

    The pathname to file that contains a 256-bit key, encoded as a string of 64 hexadecimal digits, for encryption and decryption of a backup image. The option is incompatible with the --key option.