Documentation Home
MySQL Enterprise Backup 8.4 User's Guide
Related Documentation Download this Manual
PDF (US Ltr) - 1.3Mb
PDF (A4) - 1.3Mb


MySQL Enterprise Backup 8.4 User's Guide  / ...  / mysqlbackup Command Reference  / mysqlbackup Command-Line Options  /  Options for Working with Encrypted InnoDB Tablespaces and EncryptedBinary/Relay Logs

20.14 Options for Working with Encrypted InnoDB Tablespaces and EncryptedBinary/Relay Logs

MySQL Enterprise Backup supports encrypted InnoDB tablespaces and encrypted binary/relay logs. For details on how MySQL Server encrypts and decrypts these items, seeInnoDB Data-at-Rest Encryption andEncrypting Binary Log Files and Relay Log Files . SeeChapter 6,Working with Encrypted InnoDB Tablespaces andSection 8.4, “Working with Encrypted Binary and Relay Logs” on howmysqlbackup commands handle these encrypted items.

The following is the command-line option for working with encrypted InnoDB tables and binary/relay logs:

  • --encrypt-password[=STRING]

    Command-Line Format--encrypt-password=STRING
    TypeString

    The user-supplied password by whichmysqlbackup encrypts the master encryption key, which is used to encrypt the encryption keys for the InnoDB tablespaces or binary/relay log files.

    The option must be used when backing up a server that has a keyring plugin or component enabled for InnoDB table or binary/relay log encryption and for restoring a backup containing encrypted InnoDB tables or binary/relay log. If the server is using thecomponent_keyring_encrypted_file keyring component, the password supplied with the option must match the keyring file encryption password that has been set on the server with thecomponent_keyring_encrypted_file.cnf file. If the server uses thekeyring_hashicorp plugin, use the option to supply the HashiCorp Vault AppRole authentication secret ID, which was the value ofkeyring_hashicorp_secret_id on the server to be backed up.

    The same password supplied during backup must be supplied again during acopy-back-and-apply-log,apply-log, or anapply-incremental-backup operation for the backup, ormysqlbackup will error out when it encounters encrypted InnoDB tables or binary/relay logs during the operation. If different passwords were used for different backups in a sequence of full and incremental backups, make sure the very password used to create an individual backup is supplied when performing anapply-log,apply-incremental-backup, orcopy-back-and-apply-log operation on it.

    Users who do not want to supply the password on the command line or in a default file may use the option without specifying any value;mysqlbackup then asks the user to type in the password before the operation starts.