MySQL :: Re: Issue InnoDB cluster + Encrypted tables (TDE)

Contact MySQL |
Login | Register

The world's most popular open source database

Documentation Downloads MySQL.com

Developer Zone

Section Menu:

New Topic

Re: Issue InnoDB cluster + Encrypted tables (TDE) - keyring_okv

Posted by: Georgi Kodinov
Date: June 21, 2019 01:38AM

The Innodb tablespace keys (as well as the rest of the keys the server uses) are "local" to the server instance.
When you replicate (as you do with innodb cluster) the data gets decrypted by the master before being re-encrypted and sent over the wire to the slave that re-encrypts it with its local key before storing it into the innodb table.

So IMHO you shouldn't expect that the keys will replicate too.

I'll leave it to my innodb colleagues to explain when exactly does the key propagate through the keyring plugin to OKV when you create a table with ENCRYPTION='y'

Georgi "Joro" Kodinov
MySQL SrvGen team lead
Plovdiv, Bulgaria

Navigate: Previous Message• Next Message

Options: Reply• Quote

Subject

Views

Written By

Posted

Issue InnoDB cluster + Encrypted tables (TDE) - keyring_okv

1783

Guillaume Baste

June 11, 2019 03:14AM

Re: Issue InnoDB cluster + Encrypted tables (TDE) - keyring_okv

475

Georgi Kodinov

June 21, 2019 01:38AM

Re: Issue InnoDB cluster + Encrypted tables (TDE) - keyring_okv

504

Harin Vadodaria

June 21, 2019 02:43AM

Re: Issue InnoDB cluster + Encrypted tables (TDE) - keyring_okv

521

Guillaume Baste

June 21, 2019 06:14AM

Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.