ALTER INSTANCE ROTATE INNODB MASTER KEY
ALTER INSTANCE, introduced in MySQL 5.7.11,
defines actions applicable to a MySQL server instance. The
statement supports these actions:
This action rotates the master encryption key used for
InnoDBtablespace encryption. Key rotation requires the
SUPERprivilege. To perform this action, a keyring plugin must be installed and configured. For instructions, see Section 6.4.4, “The MySQL Keyring”.
ALTER INSTANCE ROTATE INNODB MASTER KEYsupports concurrent DML. However, it cannot be run concurrently with
CREATE TABLE ... ENCRYPTIONor
ALTER TABLE ... ENCRYPTIONoperations, and locks are taken to prevent conflicts that could arise from concurrent execution of these statements. If one of the conflicting statements is running, it must complete before another can proceed.
ALTER INSTANCEactions are written to the binary log so that they can be executed on replicated servers.
ALTER INSTANCE ROTATE INNODB MASTER KEYusage information, see Section 14.14, “InnoDB Data-at-Rest Encryption”. For information about keyring plugins, see Section 6.4.4, “The MySQL Keyring”.