MySQL 8.0 Release Notes
MySQL 8.0 Source Code Documentation
By default, contents of audit log files produced by the audit
log plugin are not encrypted and may contain sensitive
information, such as the text of SQL statements. For security
reasons, audit log files should be written to a directory
accessible only to the MySQL server and to users with a
legitimate reason to view the log. The default file name is
audit.log
in the data directory. This can
be changed by setting the
audit_log_file
system variable
at server startup. Other audit log files may exist due to log
rotation.
For additional security, enable audit log file encryption. See Encrypting Audit Log Files.