MySQL Enterprise Backup 8.0 User's Guide  /  ...  /  Options for Working with Encrypted InnoDB Tablespaces

17.14 Options for Working with Encrypted InnoDB Tablespaces

MySQL Enterprise Backup supports encrypted InnoDB tablespaces. For details on how the MySQL server encrypts and decrypts InnoDB tables, see Tablespace Encryption. See Chapter 6, Working with Encrypted InnoDB Tables on how mysqlbackup commands handle encrypted InnoDB tables.

When InnoDB tablespace encryption uses Oracle Key Vault (OKV) for encryption key management, the feature is referred to as MySQL Enterprise Transparent Data Encryption (TDE).

The following is the command-line option for working with encrypted InnoDB tables:

  • --encrypt-password[=STRING]

    Property Value
    Command-Line Format --encrypt-password=STRING
    Type String

    The user-supplied password by which mysqlbackup encrypts the master encryption key, which is used to encrypt the encryption keys for the InnoDB tablespaces.

    The option must be used when backing up a server that has a keyring plugin enabled for InnoDB table encryption and for restoring a backup containing encrypted InnoDB tables. If the server is using the keyring_encrypted_file plugin, the password supplied with the option must match the value of the system variable keyring_encrypted_file_password on the server.

    The same password supplied during backup must be supplied again during a copy-back-and-apply-log, apply-log, or an apply-incremental-backup operation for the backup, or mysqlbackup will error out when it encounters encrypted InnoDB tables during the operation. If different passwords were used for different backups in a sequence of full and incremental backups, make sure the very password used to create an individual backup is supplied when performing an apply-log, apply-incremental-backup, or copy-back-and-apply-log operation on it.

    Users who do not want to supply the password on the command line or in a default file may use the option without specifying any value; mysqlbackup then asks the user to type in the password before the operation starts.


User Comments
User comments in this section are, as the name implies, provided by MySQL users. The MySQL documentation team is not responsible for, nor do they endorse, any of the information provided here.
Sign Up Login You must be logged in to post a comment.