Data at Rest Encryption questions


  1. On HashiCorp Vault there is token auto renewal feature. Is this supported with XtraDB?
  2. Can Data at Rest Encryption enabled on-the-fly, when database is already in-use? What is expected to happen?

Thank you for responses.

1 Like

Hello @katajistok ,

  1. No, it is not supported. It is the way keyring plugin works.
  2. You cannot enable it on the fly. There are some tricks to make it work, but not so straightforward. We will see if these steps can be automated through the operator.
1 Like

One more question related to encryption at rest. How we should encrypt database when customer has the database on another system and it should be then restored to XtraDB?
Is it so that we should do things in this order:

  1. create XtraDB (with encryption at rest enabled)
  2. restore database from storage
1 Like

@katajistok I think yes, this should work.

1 Like