Skip to content
logo
Percona Server for MySQL
Verify the encryption for tables, tablespaces, and schemas
Initializing search
    percona/psmysql-docs
    percona/psmysql-docs
    • Home
      • Release notes index
      • Percona Server for MySQL 8.0.33-25 Update (2023-08-02)
      • Percona Server for MySQL 8.0.33-25 (2023-06-15)
      • Percona Server for MySQL 8.0.32-24 (2023-03-20)
      • Percona Server for MySQL 8.0.31-23 (2023-02-09)
        • Percona Server for MySQL 8.0.30-22 Update (2022-11-21)
        • Percona Server for MySQL 8.0.30-22 (2022-11-21)
        • Percona Server for MySQL 8.0.29-21 (2022-08-08)
        • Percona Server for MySQL 8.0.28-20 (2022-06-20)
        • Percona Server for MySQL 8.0.28-19 (2022-05-12)
        • Percona Server for MySQL 8.0.27-18 (2022-03-02)
        • Percona Server for MySQL 8.0.26-17 (2022-01-26)
        • Percona Server for MySQL 8.0.26-16 (2021-10-20)
        • Percona Server for MySQL 8.0.25-15 (2021-07-13)
        • Percona Server for MySQL 8.0.23-14 (2021-05-12)
        • Percona Server for MySQL 8.0.22-13 (2020-12-14)
        • Percona Server for MySQL 8.0.21-12 (2020-10-13)
        • Percona Server for MySQL 8.0.20-11 (2020-07-21)
        • Percona Server for MySQL 8.0.19-10 (2020-03-23)
        • Percona Server for MySQL 8.0.18-9
        • Percona Server for MySQL 8.0.17-8
        • Percona Server for MySQL 8.0.16-7
        • Percona Server for MySQL 8.0.15-6
        • Percona Server for MySQL 8.0.15-5
        • Percona Server for MySQL 8.0.14
        • Percona Server for MySQL 8.0.13-4
        • Percona Server for MySQL 8.0.13-3
        • Percona Server for MySQL 8.0.12-2rc1
      • Limiting the disk space used by binary log files
      • Extended mysqlbinlog
      • Slow query log rotation and expiration
      • Extended SELECT INTO OUTFILE/DUMPFILE
      • Support for PROXY protocol
      • SEQUENCE_TABLE(n) function
      • Trigger updates
      • Expanded fast index creation
      • Kill idle transactions
      • Percona Toolkit UDFs
      • Utility user
      • The ProcFS plugin
      • Adaptive network buffers
      • Thread pool
      • Quickstart guide for Percona Server for MySQL
      • Install Percona Server for MySQL from repositories
        • Use APT repositories
        • Files in DEB package
        • Build APT packages
        • Downloaded DEB packages
        • Apt pinning
        • Run Percona Server for MySQL
        • Uninstall
        • Use RPM repositories
        • Files in RPM package
        • Downloaded RPM packages
        • Run Percona Server for MySQL
        • Uninstall
        • Install with binary tarballs
        • Binary tarballs available
        • Install Percona Server for MySQL from a source tarball
        • Compile Percona Server for MySQL 8.0 from source
        • Install using Docker
        • Docker environment variables
      • Upgrade guide
      • Upgrade using the Percona repositories
      • Upgrade from systems that use the MyRocks or TokuDB storage engine and partitioned tables
      • Upgrade using Standalone Packages
      • Downgrade
      • Binary logs and replication improvements
      • Post-installation
      • Working with AppArmor
      • Working with SELinux
      • Extended SHOW GRANTS
      • Backup and restore overview
      • Backup locks
      • Extended mysqldump
      • Start transaction with consistent snapshot
        • Using LDAP authentication plugins
        • LDAP authentication plugin system variables
      • Data masking
      • PAM authentication plugin
      • SSL improvements
      • Server variables
      • FIDO authentication plugin
      • Encryption functions
        • Data at Rest Encryption
        • Use the keyring component or keyring plugin
          • Using the Key Management Interoperability Protocol (KMIP)
          • Use the Amazon Key Management Service (AWS KMS)
          • Encrypt File-Per-Table Tablespace
          • Encrypt schema or general tablespace
          • Encrypt system tablespace
          • Encrypt temporary files
          • Encrypt Binary Log Files and Relay Log Files
          • Encrypting the Redo Log data
          • Encrypt the undo tablespace
          • Rotate the master key
          • Advanced encryption key rotation
          • Encrypt doublewrite buffers
          • Verify the encryption for tables, tablespaces, and schemas
      • Manage group replication flow control
      • Group replication system variables
      • Audit log plugin
      • Jemalloc memory allocation profiling
      • User statistics
      • Slow query log
      • Process list
      • Misc. INFORMATION_SCHEMA tables
      • Use Percona Monitoring and Management (PMM) Advisors
      • Too many connections warning
      • Handle corrupted tables
      • Thread based profiling
      • Stacktrace
      • Libcoredumper
        • The Percona XtraDB storage engine
        • Improved MEMORY storage engine
        • Improved InnoDB I/O scalability
        • Enforcing storage engine
        • Extended show engine InnoDB status
        • Show storage engines
        • Compressed columns with dictionaries
        • InnoDB full-text search improvements
        • XtraDB changed page tracking
        • XtraDB performance improvements for I/O-bound highly-concurrent workloads
        • Multiple page asynchronous I/O requests
        • Prefix index queries optimization
        • Limit the estimation of records in a Query
        • InnoDB page fragmentation counters
        • Percona MyRocks introduction
        • Percona MyRocks installation guide
        • Updated supported features
        • MyRocks limitations
        • Differences between Percona MyRocks and Facebook MyRocks
        • MyRocks Information Schema tables
        • MyRocks server variables
        • MyRocks status variables
        • Gap locks detection
        • Data loading
        • Installing and configuring Percona Server for MySQL with ZenFS support
        • TokuDB introduction
        • TokuDB installation
        • Use TokuDB
        • Fast updates with TokuDB
        • TokuDB files and file types
        • TokuDB file management
        • TokuDB background ANALYZE TABLE
        • TokuDB variables
        • TokuDB status variables
        • TokuDB fractal tree indexing
        • TokuDB troubleshooting
        • TokuDB Performance Schema integration
        • Frequently asked questions
        • Migrate and removing the TokuDB storage engine
        • Percona TokuBackup
      • List of variables introduced in Percona Server for MySQL 8.0
      • List of features available in Percona Server for MySQL releases
      • Percona Server for MySQL feature comparison
      • Understand version numbers
      • Development of Percona Server for MySQL
      • Trademark policy
      • Index of INFORMATION_SCHEMA tables
      • Frequently asked questions
      • Copyright and licensing information
      • Glossary

    Verify the encryption for tables, tablespaces, and schemas¶

    If a general tablespace contains tables, check the table information to see if the table is encrypted. When the general tablespace contains no tables, you may verify if the tablespace is encrypted or not.

    For single tablespaces, verify the ENCRYPTION option using INFORMATION_SCHEMA.TABLES and the CREATE OPTIONS settings.

    mysql> SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM
           INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';
    
    Expected output
    +----------------------+-------------------+------------------------------+
    | TABLE_SCHEMA         | TABLE_NAME        | CREATE_OPTIONS               |
    +----------------------+-------------------+------------------------------+
    |sample                | t1                | ENCRYPTION="Y"               |
    +----------------------+-------------------+------------------------------+
    

    A flag field in the INFORMATION_SCHEMA.INNODB_TABLESPACES has bit number 13 set if the tablespace is encrypted. This bit can be checked with the flag & 8192 expression in the following way:

    SELECT space, name, flag, (flag & 8192) != 0 AS encrypted FROM
    INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE name in ('foo', 'test/t2', 'bar',
    'noencrypt');
    

    The encrypted table metadata is contained in the INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION table. You must have the Process privilege to view the table information.

    Note

    This table is in tech preview and may change in future releases.

       mysql> DESCRIBE INNODB_TABLESPACES_ENCRYPTION;
    
    Expected output
    +-----------------------------+--------------------+-----+----+--------+------+
    | Field                       | Type               | Null| Key| Default| Extra|
    +-----------------------------+--------------------+-----+----+--------+------+
    | SPACE                       | int(11) unsigned   | NO  |    |        |      |
    | NAME                        | varchar(655)       | YES |    |        |      |
    | ENCRYPTION_SCHEME           | int(11) unsigned   | NO  |    |        |      |
    | KEYSERVER_REQUESTS          | int(11) unsigned   | NO  |    |        |      |
    | MIN_KEY_VERSION             | int(11) unsigned   | NO  |    |        |      |
    | CURRENT_KEY_VERSION         | int(11) unsigned   | NO  |    |        |      |
    | KEY_ROTATION_PAGE_NUMBER    | bigint(21) unsigned| YES |    |        |      |
    | KEY_ROTATION_MAX_PAGE_NUMBER| bigint(21) unsigned| YES |    |        |      |
    | CURRENT_KEY_ID              | int(11) unsigned   | NO  |    |        |      |
    | ROTATING_OR_FLUSHING        | int(1) unsigned    | NO  |    |        |      |
    +-----------------------------+--------------------+-----+----+--------+------+
    

    To identify encryption-enabled schemas, query the INFORMATION_SCHEMA.SCHEMATA table:

    mysql> SELECT SCHEMA_NAME, DEFAULT_ENCRYPTION FROM
    INFORMATION_SCHEMA.SCHEMATA WHERE DEFAULT_ENCRYPTION='YES';
    
    Expected output
    +------------------------------+---------------------------------+
    | SCHEMA_NAME                  | DEFAULT_ENCRYPTION              |
    +------------------------------+---------------------------------+
    | samples                      | YES                             |
    +------------------------------+---------------------------------+
    

    Note

    The SHOW CREATE SCHEMA statement returns the DEFAULT ENCRYPTION clause.

    Contact us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.


    Last update: 2023-01-12
    Percona LLC and/or its affiliates, © 2023
    Made with Material for MkDocs

    Cookie consent

    We use cookies to recognize your repeated visits and preferences, as well as to measure the effectiveness of our documentation and whether users find what they're searching for. With your consent, you're helping us to make our documentation better. Read more about Percona Cookie Policy.