MySQL Forums
Forum List  »  Security

How do I enable MySQL undo log encryption?
Posted by: Christopher de Vidal
Date: September 08, 2022 03:30AM

I have set innodb_undo_log_encrypt=ON in /etc/mysql/mysql.conf.d/encryption.cnf under the [mysqld] section but it appears to not be working. Am I just misreading the output below?

Other InnoDB tables are encrypted. A note in the MySQL docs says, "When innodb_undo_log_encrypt is enabled, unencrypted undo log pages that are present on disk remain unencrypted, and new undo log pages are written to disk in encrypted form."[1] But the flag in the conf file was set a month ago, with many writes in the interim.

No errors in the logs.

I am using MySQL 8.0.29-0ubuntu0.20.04.3.

mysql> SELECT space, name, flag, (flag & 8192) AS encrypted FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME LIKE 'innodb_undo_%';
+------------+-----------------+------+-----------+
| space | name | flag | encrypted |
+------------+-----------------+------+-----------+
| 4294967279 | innodb_undo_001 | 0 | 0 |
| 4294967278 | innodb_undo_002 | 0 | 0 |
+------------+-----------------+------+-----------+
2 rows in set (0.00 sec)

MySQL> SHOW VARIABLES LIKE "innodb_undo_log_encrypt";
+-------------------------+-------+
| Variable_name | Value |
+-------------------------+-------+
| innodb_undo_log_encrypt | ON |
+-------------------------+-------+
1 row in set (0.00 sec)

MySQL>

root@db02:~# zgrep -i undo /var/log/mysql/error.log*
root@db02:~#


[1]: https://dev.mysql.com/doc/refman/8.0/en/innodb-data-encryption.html#innodb-data-encryption-undo-log

Options: ReplyQuote


Subject
Views
Written By
Posted
How do I enable MySQL undo log encryption?
478
September 08, 2022 03:30AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.