Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-5730

Change SELECT rotate_system_key to ALTER INSTANCE for percona system key rotation.

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.7.x, 8.0.x
    • Fix Version/s: 8.0.21-12
    • Component/s: None
    • Labels:

      Description

      Currently user can rotate a key using rotate_system_key function. It can be called with SELECT statement. SELECT statement replication varies based on binlog format. This may be problematic. MySQL introduced two flavors of ALTER INSTANCE for key rotation:

      • for MK encryption the statement is always replicated.
      • for Binlog encryption the statement is never replicated.

      We want to mimic this behavior to be more in sync with how upstream behaves.

      Since binlog encryption implementation is now replaced by upstream feature we no longer need to implement rotation for binlog encryption key. Only percona_innodb system key rotation will be replaced with the ALTER INSTANCE statement.

        Attachments

          Activity

            People

            Assignee:
            robert.golebiowski Robert Golebiowski (Inactive)
            Reporter:
            robert.golebiowski Robert Golebiowski (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 4 days, 4 hours
                4d 4h

                  Smart Checklist