MySQL Forums
Forum List  »  Security

Problem data at rest encryption configuration of component_keyring_file in Windows 11.
Posted by: Lesly Campo
Date: July 28, 2023 10:46AM

I have a problem with the configuration of component_keyring_file in mysql server in windows 11.


Until now these are the steps I have been followed.

STEP BY STEP TO Encryption at DATA-REST

1. Activate Keyring component of mysql
a. In the bin directory installation of MySQL Server create a manifest file called mysqld.my with the following information in JSON format:
{
"read_local_manifest": false,
"components": "file://component_keyring_file"
}
b. In the plugin directory (normally C:\Program Files\MySQL\MySQL Server 8.0\lib\plugin) create a configuration file called component_keyring_file.cnf with the following information
{
"read_local_config": false,
"path": "component_keyring_file",
"read_only": false
}
Note: Even if the instructions tell to use absolute path only relative path worked to activate the component in the server.

c. Use ALTER INSTANCE RELOAD KEYRING in mysql query to update the component configuration.
d. Query SELECT * FROM performance_schema.keyring_component_status; to verify the status of the recent component installation.



2. To alter the encryption of an existing file-per-table tablespace, an ENCRYPTION clause must be specified.

mysql> ALTER TABLE t1 ENCRYPTION = 'Y';

3. When we restart the service and even if we use the ALTER INSTANCE RELOAD KEYRING command, we are still not able to access the encrypted data.

I don't know if this is a bug. Or I need to make changes to any of the manifest or configuration files.

I would appreciate any help.

Options: ReplyQuote


Subject
Views
Written By
Posted
Problem data at rest encryption configuration of component_keyring_file in Windows 11.
137
July 28, 2023 10:46AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.