Data at Rest Encryption questions

katajistok · January 4, 2022, 9:55am

Hello!

On HashiCorp Vault there is token auto renewal feature. Is this supported with XtraDB?
Can Data at Rest Encryption enabled on-the-fly, when database is already in-use? What is expected to happen?

Thank you for responses.

Sergey_Pronin · January 11, 2022, 7:57am

No, it is not supported. It is the way keyring plugin works.
You cannot enable it on the fly. There are some tricks to make it work, but not so straightforward. We will see if these steps can be automated through the operator.

katajistok · January 19, 2022, 7:39am

One more question related to encryption at rest. How we should encrypt database when customer has the database on another system and it should be then restored to XtraDB?
Is it so that we should do things in this order:

create XtraDB (with encryption at rest enabled)
restore database from storage

Sergey_Pronin · January 19, 2022, 11:19am

@katajistok I think yes, this should work.

Topic		Replies	Views
XtraDB + HashiCorp Vault integration Percona Operator for MySQL mysql , percona	2	654	November 29, 2021
Possible to use data-at-rest encryption without Hashicorp Vault? Percona Operator for MySQL	9	1032	April 12, 2023
Data at Rest Encryption was added in MariaDB 10.1.3, and when XtraBackup support it? Percona XtraBackup	0	413	March 17, 2016
Clustered at-rest encryption Percona XtraDB Cluster 5.x	1	566	December 15, 2016
Mysql backup encryption Percona XtraDB Cluster 8.x mysql , closed-no-reply	0	465	February 14, 2022

Data at Rest Encryption questions

Related topics