Mysql backup encryption

I want to have encrypted backups. In order to do this I found this documentation, where data at rest encryption is described. After following installation process I added Vault to my cluster with few demo records in the database, and tried to make backup using backup.yaml file, and ended up with pod status of Error. Does backups with encrypted data should work by default after adding vault, or some additional configuration is required? If taking this approach, is it possible to use that backup outside the cluster, where it was made?
Also I checked XtraBackup documentation, and found that it has encrypt, decrypt, and encrypt-key options which should enable file encryption. This sounds like a perfect solution for me. I assume that these parameters should be provided in configuration section of cr.yaml. file. After doing that and applying backup.yaml file it gets Error status. What made me confused, is that in this documents, XtraBackup-based Encryption section, previously mentioned options are described as not available. I am not sure if it is relevant, but are these options still supported for backups using PXC 8.0?
To summarize I don’t really need data at rest encryption. I want to have encrypted backup files in volume, and be able to move it to other cluster or use that data in my local machine if needed. Maybe I can get any suggestions about encryption options also?

1 Like