Currently user can rotate a key using rotate_system_key function. It can be called with SELECT statement. SELECT statement replication varies based on binlog format. This may be problematic. MySQL introduced two flavors of ALTER INSTANCE for key rotation:
- for MK encryption the statement is always replicated.
- for Binlog encryption the statement is never replicated.
We want to mimic this behavior to be more in sync with how upstream behaves.
Since binlog encryption implementation is now replaced by upstream feature we no longer need to implement rotation for binlog encryption key. Only percona_innodb system key rotation will be replaced with the ALTER INSTANCE statement.