MySQL supports the following keyring-related command-line options:
--keyring-migration-destination=
plugin
Command-Line Format --keyring-migration-destination=plugin_name
Type String The destination keyring plugin for key migration. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”. The option value interpretation depends on whether
--keyring-migration-to-component
is specified:If no, the option value is a keyring plugin, interpreted the same way as for
--keyring-migration-source
.If yes, the option value is a keyring component, specified as the component library name in the plugin directory, including any platform-specific extension such as
.so
or.dll
.
Note--keyring-migration-source
and--keyring-migration-destination
are mandatory for all keyring migration operations. The source and destination plugins must differ, and the migration server must support both plugins.--keyring-migration-host=
host_name
Command-Line Format --keyring-migration-host=host_name
Type String Default Value localhost
The host location of the running server that is currently using one of the key migration keystores. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”. Migration always occurs on the local host, so the option always specifies a value for connecting to a local server, such as
localhost
,127.0.0.1
,::1
, or the local host IP address or host name.--keyring-migration-password[=
password
]Command-Line Format --keyring-migration-password[=password]
Type String The password of the MySQL account used for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.
The password value is optional. If not given, the server prompts for one. If given, there must be no space between
--keyring-migration-password=
and the password following it. If no password option is specified, the default is to send no password.Specifying a password on the command line should be considered insecure. See Section 2.2.1, “End-User Guidelines for Password Security”. You can use an option file to avoid giving the password on the command line. In this case, the file should have a restrictive mode and be accessible only to the account used to run the migration server.
--keyring-migration-port=
port_num
Command-Line Format --keyring-migration-port=port_num
Type Numeric Default Value 3306
For TCP/IP connections, the port number for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-socket=
path
Command-Line Format --keyring-migration-socket={file_name|pipe_name}
Type String For Unix socket file or Windows named pipe connections, the socket file or named pipe for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-source=
plugin
Command-Line Format --keyring-migration-source=plugin_name
Type String The source keyring plugin for key migration. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.
The option value is similar to that for
--plugin-load
, except that only one plugin library can be specified. The value is given asplugin_library
orname
=
plugin_library
, whereplugin_library
is the name of a library file that contains plugin code, andname
is the name of a plugin to load. If a plugin library is named without any preceding plugin name, the server loads all plugins in the library. With a preceding plugin name, the server loads only the named plugin from the library. The server looks for plugin library files in the directory named by theplugin_dir
system variable.Note--keyring-migration-source
and--keyring-migration-destination
are mandatory for all keyring migration operations. The source and destination plugins must differ, and the migration server must support both plugins.--keyring-migration-to-component
Command-Line Format --keyring-migration-to-component[={OFF|ON}]
Introduced 8.0.24 Type Boolean Default Value OFF
Indicates that a key migration is from a keyring plugin to a keyring component. This option makes it possible to migrate keys from any keyring plugin to any keyring component, which facilitates transitioning a MySQL installation from keyring plugins to keyring components.
For key migration from one keyring component to another, use the mysql_migrate_keyring utility. Migration from a keyring component to a keyring plugin is not supported. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-user=
user_name
Command-Line Format --keyring-migration-user=user_name
Type String The user name of the MySQL account used for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.14, “Migrating Keys Between Keyring Keystores”.