InnoDB temporary tablespace encryption

Registered by Sergei Glushchenko on 2017-08-01

Add new global dynamic variable `innodb_temp_tablespace_encrypt=ON/OF'.
When it is turned on, server starts to encrypt temporary tablespace and
temporary InnoDB file-per-table tablespaces. Option does not force
encryption of temp tables which are currently opened, it doesn't rebuild
system temporary tablespace to encrypt data which already written. Since
temp tablespace created fresh at each server startup, it will not
contain unencrypted data if this option specified as server argument.
Turning this option off at runtime makes server to create all subsequent
temporary file-per-table tablespaces unencrypted, but does not turn off
encryption of system temporary tablespace.

To use this option, keyring plugin must be loaded. If keyring plugin is
not available, server will give error message and refuse to create new
temp tables.

Blueprint information

Status:
Started
Approver:
Laurynas Biveinis
Priority:
High
Drafter:
Sergei Glushchenko
Direction:
Approved
Assignee:
Sergei Glushchenko
Definition:
Approved
Series goal:
Accepted for 5.7
Implementation:
Needs Code Review
Milestone target:
None
Started by
Laurynas Biveinis on 2017-09-13

Related branches

Sprints

Whiteboard

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.