MySQL Enterprise Backup supports encrypted InnoDB tablespaces and, for release 8.0.14 and later, encrypted binary/relay logs. For details on how MySQL Server encrypts and decrypts these items, see InnoDB Data-at-Rest Encryption and Encrypting Binary Log Files and Relay Log Files . See Chapter 6, Working with Encrypted InnoDB Tablespaces and Working with Encrypted Binary and Relay Logs on how mysqlbackup commands handle these encrypted items.
The following is the command-line option for working with encrypted InnoDB tables and binary/relay logs:
Property Value Command-Line Format
The option must be used when backing up a server that has a keyring plugin enabled for InnoDB table or binary/relay log encryption and for restoring a backup containing encrypted InnoDB tables or binary/relay log. If the server is using the
keyring_encrypted_fileplugin, the password supplied with the option must match the value of the system variable
keyring_encrypted_file_passwordon the server.
The same password supplied during backup must be supplied again during a
apply-log, or an
apply-incremental-backupoperation for the backup, or mysqlbackup will error out when it encounters encrypted InnoDB tables or binary/relay logs during the operation. If different passwords were used for different backups in a sequence of full and incremental backups, make sure the very password used to create an individual backup is supplied when performing an
copy-back-and-apply-logoperation on it.
Users who do not want to supply the password on the command line or in a default file may use the option without specifying any value; mysqlbackup then asks the user to type in the password before the operation starts.