I have set innodb_undo_log_encrypt=ON in /etc/mysql/mysql.conf.d/encryption.cnf under the [mysqld] section but it appears to not be working. Am I just misreading the output below?
Other InnoDB tables are encrypted. A note in the MySQL docs says, "When innodb_undo_log_encrypt is enabled, unencrypted undo log pages that are present on disk remain unencrypted, and new undo log pages are written to disk in encrypted form."[1] But the flag in the conf file was set a month ago, with many writes in the interim.
No errors in the logs.
I am using MySQL 8.0.29-0ubuntu0.20.04.3.
mysql> SELECT space, name, flag, (flag & 8192) AS encrypted FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME LIKE 'innodb_undo_%';
+------------+-----------------+------+-----------+
| space | name | flag | encrypted |
+------------+-----------------+------+-----------+
| 4294967279 | innodb_undo_001 | 0 | 0 |
| 4294967278 | innodb_undo_002 | 0 | 0 |
+------------+-----------------+------+-----------+
2 rows in set (0.00 sec)
MySQL> SHOW VARIABLES LIKE "innodb_undo_log_encrypt";
+-------------------------+-------+
| Variable_name | Value |
+-------------------------+-------+
| innodb_undo_log_encrypt | ON |
+-------------------------+-------+
1 row in set (0.00 sec)
MySQL>
root@db02:~# zgrep -i undo /var/log/mysql/error.log*
root@db02:~#
[1]:
https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-data-encryption-undo-log