Is it possible to just provide the encryption key manually? We don’t want to use Hashicorp Vault.
Possible to use data-at-rest encryption without Hashicorp Vault?
Absolutely! There is no requirement whatsoever to use vault to manage encryption keys in MySQL. You can enable the keyring_file plugin. Use the keyring component or keyring plugin - Percona Server for MySQL
@matthewb Great! And this also works with the Kubernetes Operator?
Yes. The keyring_file plugin is a native plugin and works with all/any flavor of MySQL.
I couldn’t find any documentation regarding the configuration of data-at-rest without HashiCorp Vault - could you guide me towards some resources that show how you can configure keyring_file in an environment that uses XtraDB Cluster operator?
You just need to enable the plugin in my.cnf. I believe this is done in cr.yml?
early-plugin-load = keyring_file.so keyring_file_data = /var/lib/mysql-keyring/keyring