Enables encryption of binlog and relay logs

Registered by Robert Golebiowski on 2017-12-19

A new binary log event type, Start_encryption, is defined. It stores the key version, and all subsequent events in the log are encrypted individually. The feature is enabled by the --encrypt-binlog server option.
The master stores encrypted events in its binary log. When a slave requests an event from the master, the master sends the unencrypted event to the slave over a secure communication channel (SSL connection). When encryption is turned on on the slave, the relay logs are encrypted and, provided the binary log is enabled on the slave, the binary log is encrypted too.
Standalone mysqlbinlog cannot read encrypted binary logs directly; it can read them by using a mysqld server as a proxy decryptor via the --read-from-remote-server option.

The Percona binlog key stored in the keyring will have the following scheme: <key_version>:<key_data>, where:
<key_version> is the version of the percona_binlog key. The version must be in the range <0; UINT_MAX>.
<key_data> is the 128-bit AES key.
The percona binlog key will be named percona_binlog:<key_version>.
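The key layout above, as an added example that is not Percona Server's own code: a C++ parser for the <key_version>:<key_data> value. It assumes <key_data> is the raw 16 key bytes following the first ':' (the page does not say how the bytes are encoded); the names BinlogKey, parse_binlog_key and binlog_key_name are hypothetical.

```cpp
#include <cerrno>
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Assumption (not stated on the page): <key_data> is the raw AES key bytes,
// stored immediately after the first ':'. All names here are hypothetical.
static const size_t KEY_DATA_LEN = 16;  // 128 bits

struct BinlogKey {
  unsigned int version;
  unsigned char data[KEY_DATA_LEN];
};

// Parses "<key_version>:<key_data>"; returns false on any malformed input.
bool parse_binlog_key(const std::string &blob, BinlogKey *out) {
  // Split at the FIRST ':' only: raw key bytes may themselves contain 0x3A.
  size_t sep = blob.find(':');
  if (sep == std::string::npos || sep == 0) return false;
  // Digits only: strtoull alone would accept "-1", "+7" or leading spaces.
  for (size_t i = 0; i < sep; ++i)
    if (blob[i] < '0' || blob[i] > '9') return false;
  errno = 0;
  unsigned long long v = std::strtoull(blob.substr(0, sep).c_str(), nullptr, 10);
  if (errno == ERANGE || v > UINT_MAX) return false;  // range <0; UINT_MAX>
  // Reject short or long key material rather than padding or truncating it.
  if (blob.size() - sep - 1 != KEY_DATA_LEN) return false;
  out->version = static_cast<unsigned int>(v);
  std::memcpy(out->data, blob.data() + sep + 1, KEY_DATA_LEN);
  return true;
}

// Keyring name for one key version: percona_binlog:<key_version>.
std::string binlog_key_name(unsigned int version) {
  return "percona_binlog:" + std::to_string(version);
}

int main() {
  // Constructed sample: version 3, key bytes that include ':' and NUL.
  std::string blob = "3:" + std::string("\x3a\x00", 2) + std::string(14, 'k');
  BinlogKey key;
  if (!parse_binlog_key(blob, &key)) return 1;
  std::printf("%s parsed, %zu key bytes\n",
              binlog_key_name(key.version).c_str(), KEY_DATA_LEN);
  return 0;
}
```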

From the keyring's point of view, percona_binlog is a system key. Please refer to PS-3997 for more information on system keys and system key rotation. PS-3997 also adds a percona_binlog rotation function and extends the binlog encryption framework so that it can work with different percona_binlog key versions.

Blueprint information

Status: Complete
Approver: Laurynas Biveinis
Priority: High
Drafter: Robert Golebiowski
Direction: Approved
Assignee: Robert Golebiowski
Definition: New
Series goal: Accepted for 5.7
Implementation: Implemented
Milestone target: 5.7.20-19
Started by: Laurynas Biveinis
Completed by: Laurynas Biveinis
