I am trying to install and configure the keyring plugin to be able to encrypt an existing database in MySQL.
My version of MySQL is 5.7.19-0ubuntu0.16.04.1
In the configuration file /etc/mysql/my.conf I have put the following code
[mysqld]
early-plugin-load=keyring_file.so
keyring_file_data=/usr/local/mysql/mysql-keyring
After doing this, I generated the directory with the following commands.
cd /usr/local/mysql
mkdir mysql-keyring
chmod 750 mysql-keyring
chown mysql mysql-keyring
chgrp mysql mysql-keyring
Once these two points are finished, I have restarted the mysql service with the command
/etc/init.d/mysql restart
Step to test if the plugin is correctly activated, I launch the query
SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';
The answer is the following
+--------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+--------------+---------------+
| keyring_file | ACTIVE |
+--------------+---------------+
Therefore, the plugin must be correctly activated.
It is time to start with the tests, the ultimate goal is to be able to encrypt a complete database (which is already created and has data), to avoid that possible leak of information if it is exported outside our server.
I start by creating a table of zero, to see if everything works correctly.
When launching the command
CREATE TABLE t2 (c1 INT) ENCRYPTION='Y';
I get the error back
/* Error de SQL (3185): Can't find master key from keyring, please check keyring plugin is loaded. */
And any query that I try to launch of creation of tables returns me the same.
If I launch the command, to update an InnoDB table, it returns the same error.
ALTER TABLE DetallesFacturasVarios ENCRYPTION='Y';
/* Error de SQL (3185): Can't find master key from keyring, please check keyring plugin is loaded. */
I have researched and I have not found the solution to create this key. Any help?