Encrypting the Redo Log files¶
MySQL uses the redo log files to apply changes during data recovery.
Encrypt the redo log files by enabling the
variable. The default value for the variable is
The Redo log files uses the tablespace encryption key.
Dynamic: Yes Scope: Global Variable Type: Text Default Value: OFF
Determines the encryption for redo log data for tables.
When you enable innodb_redo_log_encrypt any existing redo log pages stay unencrypted, and new pages are encrypted when they are written to disk. If you disable innodb_redo_log_encrypt after enabling the variable, any encrypted pages remain encrypted, but the new pages are unencrypted.
As implemented in
8.0.16-7, the supported values for
innodb_redo_log_encrypt are the following:
keyring_key value is in tech preview.
For more information on the keyring_key - Working with Advanced Encryption Key Rotation
For innodb_redo_log_encrypt, the “ON” value is a compatibility alias for master_key.
After starting the server, an attempt to encrypt the redo log files fails if you have the following conditions:
- Server started with no keyring specified
- Server started with a keyring, but you specified a redo log encryption method that is different then previously used method on the server.