Details
Improvement
Status: Done
High
Resolution: Fixed
Description
It should be possible to specify ENCRYPTION_KEY_ID for a tablespace.
It should not be allowed to create a general tablespace with KEYRING encryption. To encrypt a tablespace with a key from the keyring, the user should use encryption threads.
The original implementation from MariaDB also only allows tablespaces to be encrypted with encryption threads (there is no notion of ENCRYPTION='KEYRING').
This will affect PS-5817. In that ticket we say that default-table-encryption can be set to KEYRING_ON. When set, it means that a general tablespace should be created with DEFAULT ENCRYPTION='KEYRING'. However, we will not be supporting ENCRYPTION='KEYRING' for general tablespaces. In the first releases we might not want to implement PS-5817 and might restrict default-table-encryption to ON/OFF/ONLINE_TO_KEYRING/ONLINE_FROM_KEYRING_TO_UNENCRYPTED. This is still to be decided, and I will link the Jira ticket with the conclusion once we have one.