Documentation Home
MySQL 8.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 45.3Mb
PDF (A4) - 45.4Mb
PDF (RPM) - 40.9Mb
HTML Download (TGZ) - 10.5Mb
HTML Download (Zip) - 10.5Mb
HTML Download (RPM) - 9.1Mb
Man Pages (TGZ) - 208.4Kb
Man Pages (Zip) - 310.6Kb
Info (Gzip) - 4.0Mb
Info (Zip) - 4.0Mb
Excerpts from this Manual

MySQL 8.0 Reference Manual  /  ...  /  ALTER INSTANCE Syntax

13.1.5 ALTER INSTANCE Syntax

ALTER INSTANCE instance_action

instance_action: {
    ROTATE INNODB MASTER KEY
  | RELOAD TLS [NO ROLLBACK ON ERROR]
}

ALTER INSTANCE defines actions applicable to a MySQL server instance. The statement supports these actions:

  • ALTER INSTANCE ROTATE INNODB MASTER KEY

    This action rotates the master encryption key used for InnoDB tablespace encryption. Key rotation requires the ENCRYPTION_KEY_ADMIN or SUPER privilege. To perform this action, a keyring plugin must be installed and configured. For instructions, see Section 6.5.4, “The MySQL Keyring”.

    ALTER INSTANCE ROTATE INNODB MASTER KEY supports concurrent DML. However, it cannot be run concurrently with CREATE TABLE ... ENCRYPTION or ALTER TABLE ... ENCRYPTION operations, and locks are taken to prevent conflicts that could arise from concurrent execution of these statements. If one of the conflicting statements is running, it must complete before another can proceed.

    ALTER INSTANCE ROTATE INNODB MASTER KEY statements are written to the binary log so that they can be executed on replicated servers.

    For additional ALTER INSTANCE ROTATE INNODB MASTER KEY usage information, see Section 15.6.3.9, “Tablespace Encryption”.

  • ALTER INSTANCE RELOAD TLS

    This action reconfigures the SSL context from the current values of the system variables that define the context. It also updates the status variables that reflect the active context values. This action requires the CONNECTION_ADMIN privilege.

    By default, the RELOAD TLS action rolls back with an error and has no effect if the configuration values do not permit creation of a new SSL context. The previous context values continue to be used for new connections.

    If the optional NO ROLLBACK ON ERROR clause is given and a new context cannot be created, rollback does not occur. Instead, a warning is generated and SSL is disabled for new connections.

    ALTER INSTANCE RELOAD TLS statements are not written to the binary log (and thus are not replicated). SSL configuration is local and depends on local files not necessarily present on all servers involved.

    For additional information about reconfiguring the SSL context, including which system and status variables are context-related, see Server-Side Runtime Configuration for Encrypted Connections.