There are new options in
mysql:
  encryption:
    enable: yes
    encrypt_binlog: yes
    key: 1;a356c82422a9031f2e472047ad8220eeea257d611849fbdc9f75b49933f75241
    threads: 1
NOTE: all changes in the configuration section will cause the MariaDB server to restart when ngcpcfg templates are applied.
mysql.encryption.enable: Switch encryption on/off. Values: yes, no. Default: yes. When enabled, all tables are encrypted. It takes from a few seconds to several minutes for MariaDB to encrypt all the data (depending on the overall size); the encryption procedure is performed in the background, while all the data continues to be fully accessible. All new tables are also created encrypted by default, and it is not possible to disable encryption for specific tables because encryption is forced.
mysql.encryption.encrypt_binlog: Encrypt binlogs. Values: yes, no. Default: yes. While it is preferred to have this option enabled by default, it can be turned off for scenarios where binlog files need to be parsed. It is also possible to use the --read-from-remote-server option to read encrypted binlogs.
mysql.encryption.key: Encryption key. The value is randomly generated during the cfg-schema upgrade when the option is added into constants.yml. The key is located in /etc/mysql/keyfile and normally MUST NOT be changed. Changing or losing the key permanently will render all the MariaDB tablespace data (databases/tables) unusable.
mysql.encryption.threads: Number of encryption threads. Default: 1. This sets how many MariaDB encryption threads should be running. The value depends on how many tables are created or removed, or on the encryption keys being rotated.
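Because changing or losing the key makes the data unusable, it is worth checking that /etc/mysql/keyfile still holds the value configured in mysql.encryption.key and is not accessible to other users. The following is an added example, not part of the NGCP tooling; it assumes the keyfile stores the same `<id>;<hex key>` line shown in the configuration above, and the function names and the sample key are constructed for illustration.

```python
import hashlib
import os
import re
import stat

LINE = re.compile(r"([0-9]+);([0-9a-fA-F]+)")  # <key id>;<hex key>
VALID_HEX_LENGTHS = {32, 48, 64}               # 128-, 192- and 256-bit keys

def parse_keys(text):
    """Parse '<id>;<hex key>' lines into {id: hex_key}; raise ValueError if malformed."""
    keys = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        m = LINE.fullmatch(line)
        if not m or int(m.group(1)) < 1:
            raise ValueError(f"line {lineno}: expected <id>;<hex key>")
        if len(m.group(2)) not in VALID_HEX_LENGTHS:
            raise ValueError(f"line {lineno}: key is not 128/192/256 bits")
        keys[int(m.group(1))] = m.group(2).lower()
    return keys

def fingerprint(hex_key):
    """Short SHA-256 tag so copies can be compared without printing the key."""
    return hashlib.sha256(bytes.fromhex(hex_key)).hexdigest()[:16]

def audit(path, configured):
    """Return findings for the keyfile at `path` versus the configured value."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o007:
        findings.append(f"mode {mode:04o}: keyfile is accessible to other users")
    with open(path, encoding="ascii") as fh:
        on_disk = parse_keys(fh.read())
    for key_id, hex_key in parse_keys(configured).items():
        if key_id not in on_disk:
            findings.append(f"key {key_id} missing from keyfile")
        elif on_disk[key_id] != hex_key:
            findings.append(f"key {key_id} mismatch: file {fingerprint(on_disk[key_id])}"
                            f", config {fingerprint(hex_key)}")
    return findings

if __name__ == "__main__":
    import tempfile
    sample = "1;" + "ab" * 32                  # constructed key, not a real one
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(sample + "\n")
    os.chmod(fh.name, 0o600)
    print(audit(fh.name, sample) or "keyfile OK")
    os.unlink(fh.name)
```

The same fingerprint() output can be recorded alongside an offline backup of the key, so a restore can be verified without the key itself appearing in logs or tickets.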