Encrypt a MariaDB database table
NOTE: Table encryption support is only available for InnoDB tables stored as individual files (the innodb_file_per_table option, enabled by default).
Follow the steps below to configure table encryption support:
-
Edit the /opt/bitnami/mariadb/conf/my.cnf configuration file.
-
Add the following lines to the configuration file, within the [mysqld] section, to activate the keyring_file plugin:
early-plugin-load=keyring_file.so keyring_file_data=/opt/bitnami/mariadb/data/keyring
NOTE: The keyring file will be automatically created in the above location when the first table is encrypted. Keep a backup of this file as the data stored in the encrypted tables cannot be recovered without it.
-
Restart the MariaDB server:
$ sudo /opt/bitnami/ctlscript.sh restart mariadb
-
Confirm that the keyring_file plugin is active by running the query below in the client:
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';
You should now be able to create an encrypted table by adding the ENCRYPTED=‘Y’ clause to any CREATE TABLE command. Here is an example:
CREATE TABLE mytable (id INT, value VARCHAR(255)) ENCRYPTION='Y'
Tables which are not already encrypted can be encrypted by using an ALTER TABLE command, such as the one below:
ALTER TABLE mytable ENCRYPTION='Y'