Currently, non-GA feature, Percona Server can create KEYRING key encrypted tables. Encryption background threads can convert Master Key tables to KEYRING key tables.
Take backup of tables created with ENCRYPTION='KEYRING'
Take backup of tables while background encryption threads are in progress
Take backup of tables when default_table_encryption is in all possible modes (OFF, ON, KEYRING_ON, ONLINE_TO_KEYRING, ONLINE_FROM_KEYRING_TO_UNENCRYPTED)
Verify that backup is usable with KEYS available in keyring vault/file
Verify how restore works if KEYS are NOT available keyring valut/File
Verify that Transition keys are not applicable for KEYRING encrypted tables.
Verify backup of tables that are in mixed state. ie a tablespace with some pages are MK encrypted and some are KEYRING encrypted (encryption threads are in progress)
Backup of ENCRYPTION="N" Tables. Because of crypt_data in page 0, redo log parser and writer can go haywire
Verify backup and restore when rotation of keys is in progress
Verify backup and restore when redo logs use KEYRING key
Backup needs to ensure KEYRING keys are loaded and tablespaces can use the KEYS to do IO on KEYRING key encrypted tablespaces (during backup or prepare)
Just to be clear. Encryption threads can - not only encrypt with online KEYRING encryption MK encrypted tables, but also encrypt unencrypted tables and re-encrypt tables that already encrypted by encryption threads (re-encryption is triggered by key rotation).
Currently, non-GA feature, Percona Server can create KEYRING key encrypted tables. Encryption background threads can convert Master Key tables to KEYRING key tables.
Take backup of tables created with ENCRYPTION='KEYRING'
Take backup of tables while background encryption threads are in progress
Take backup of tables when default_table_encryption is in all possible modes (OFF, ON, KEYRING_ON, ONLINE_TO_KEYRING, ONLINE_FROM_KEYRING_TO_UNENCRYPTED)
Verify that backup is usable with KEYS available in keyring vault/file
Verify how restore works if KEYS are NOT available keyring valut/File
Verify that Transition keys are not applicable for KEYRING encrypted tables.
Verify backup of tables that are in mixed state. ie a tablespace with some pages are MK encrypted and some are KEYRING encrypted (encryption threads are in progress)
Backup of ENCRYPTION="N" Tables. Because of crypt_data in page 0, redo log parser and writer can go haywire
Verify backup and restore when rotation of keys is in progress
Verify backup and restore when redo logs use KEYRING key
Backup needs to ensure KEYRING keys are loaded and tablespaces can use the KEYS to do IO on KEYRING key encrypted tablespaces (during backup or prepare)