Migrate database encrypted with oracle mysql

MySQL & MariaDB Percona Server for MySQL 8.0
1

Hello Experts

Need clarification. I have a database which was created using oracle mysql. Want to use percona . Database is currently encrypted using component_keyring_encrypted_file

However I dont see component_keyring_encrypted_file.so under percona lib . I see followig

component_keyring_file.so

component_keyring_kmip.so

component_keyring_kms.so

component_keyring_vault.so

Is there a way out ..

2

Yes you have “a way out”.

  1. Keep the Oracle MySQL source running with its existing keyring. That server can still decrypt its own tablespaces because it has the right keyring component and password.
  2. Take a logical backup from the source:
    • mysqldump
    • mydumper (I prefer this tool, its multi-threaded and so much faster)
  3. Load the data into your Percona Server
    • mysql < your-dumped-data.sql
    • myloader (I prefer this tool, its multi-threaded and so much faster)

You can ready about mydumper/myloader from this link: mydumper.

3

Continuing Wayne’s steps:

  1. After loading the dump into Percona Server, set up replication so changes to your existing Oracle MySQL replicate to the Percona instance.
  2. Take maintenance window, and flip applications to use Percona instance.

I would recommend switching to a more secure keyring component like keyring_vault (can also use openBao), or keyring_kms (if you are in the cloud).

4

Thanx @matthewb N @Wayne_Leutwyler .

With the approach, you suggested, I need to configure settings pertaining to database hardening like password policy etc.

I intend to create a blank db with encryption using component_keyring_file followed by clone(plugin) of source