Cloning of encrypted data is supported. The following requirements apply:
A secure connection is required when cloning remote data to ensure safe transfer of unencrypted tablespace keys over the network. Tablespace keys are decrypted at the donor before transport and re-encrypted at the recipient using the recipient master key. An error is reported if a secure connection is not available or the
REQUIRE NO SSLclause is used in the
CLONE INSTANCEstatement. For information about configuring a secure connection for cloning, see Configuring a Secure Connection for Cloning.
When cloning data to a local data directory that uses a locally managed keyring, the same keyring must be used when starting the MySQL server on the clone directory.
When cloning data to a remote data directory (the recipient directory) that uses a locally managed keyring, the recipient keyring must be used when starting the MySQL sever on the cloned directory.
For information about the data encryption feature, see Section 188.8.131.52, “InnoDB Data-at-Rest Encryption”.