Change SELECT rotate_system_key to ALTER INSTANCE for percona system key rotation.

General

Escalation

General

Escalation

Description

Currently user can rotate a key using rotate_system_key function. It can be called with SELECT statement. SELECT statement replication varies based on binlog format. This may be problematic. MySQL introduced two flavors of ALTER INSTANCE for key rotation:

for MK encryption the statement is always replicated.
for Binlog encryption the statement is never replicated.

We want to mimic this behavior to be more in sync with how upstream behaves.

Since binlog encryption implementation is now replaced by upstream feature we no longer need to implement rotation for binlog encryption key. Only percona_innodb system key rotation will be replaced with the ALTER INSTANCE statement.

Environment

None

Smart Checklist

Activity

Show:

Done

Details
Assignee
Robert Golebiowski(Deactivated)
Reporter
Robert Golebiowski(Deactivated)
Labels
encryption
Time tracking
4d 4h logged
Fix versions
8.0.21-12
Affects versions
5.7.x
8.0.x
Priority
High

Smart Checklist

Created June 24, 2019 at 8:14 AM

Updated March 6, 2024 at 12:03 PM

Resolved July 20, 2020 at 9:06 AM

Configure

Change SELECT rotate_system_key to ALTER INSTANCE for percona system key rotation.

Description

Environment

Smart Checklist

Activity

DetailsAssigneeRobert GolebiowskiRobert Golebiowski(Deactivated)ReporterRobert GolebiowskiRobert Golebiowski(Deactivated)LabelsencryptionTime tracking4d 4h loggedFix versions8.0.21-12Affects versions5.7.x8.0.xPriorityHigh

Details

Assignee

Reporter

Labels

Time tracking

Fix versions

Affects versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Robert Golebiowski(Deactivated)
Reporter
Robert Golebiowski(Deactivated)
Labels
encryption
Time tracking
4d 4h logged
Fix versions
8.0.21-12
Affects versions
5.7.x
8.0.x
Priority
High

Smart Checklist