Is it possible to just provide the encryption key manually? We don’t want to use Hashicorp Vault.
Hello @Tatu_Pesonen,
Absolutely! There is no requirement whatsoever to use vault to manage encryption keys in MySQL. You can enable the keyring_file plugin. Use the keyring component or keyring plugin - Percona Server for MySQL
Yes. The keyring_file plugin is a native plugin and works with all/any flavor of MySQL.
I couldn’t find any documentation regarding the configuration of data-at-rest without HashiCorp Vault - could you guide me towards some resources that show how you can configure keyring_file in an environment that uses XtraDB Cluster operator?
You just need to enable the plugin in my.cnf. I believe this is done in cr.yml?
early-plugin-load = keyring_file.so
keyring_file_data = /var/lib/mysql-keyring/keyring