I am using the latest Percona:
Ver 14.14 Distrib 5.7.21-21, for debian-linux-gnu (x86_64) using 7.0
When there’s any issue with the key vault plugin (for example the key vault server is unreachable / down), the encrypted tables cause issues that I believe should not happen.
Performing access / SQL queries / deletion over them causes “MySQL server has gone away” errors. The server should “degrade gracefully” without crashing processes. It should check for some “magic number” in the files and, in that case, just print a “cannot open encrypted table” message, not cause a hard crash.
Furthermore, I had to reinstall two servers from scratch because after the “gone away” errors, sometimes the server actually deleted / opened the tables but heavily corrupted “ibdata1”. From that moment on, I could not even drop the whole databases to restore them from backup (Server gone away errors galore). I tried recovering / replacing the now missing files as well, but even by employing various tricks (to realign the tablespace IDs) it did not work.
Here’s the relevant portion of the config file:
# Database encryption at rest section
early-plugin-load="keyring_vault=keyring_vault.so"
keyring_vault_config="/var/lib/mysql-keyring/keyring_vault.conf"
keyring-vault-timeout=30
innodb_encrypt_tables=ON
innodb_temp_tablespace_encrypt=ON
binlog_checksum=CRC32
master_verify_checksum=ON
encrypt_binlog=ON