Skip to content
logo
Percona Product Documentation
Verifying the Encryption for Tables, Tablespaces, and Schemas
Initializing search
    percona/psmysql-docs
    percona/psmysql-docs
    • Home
      • The Percona XtraDB Storage Engine
      • List of features available in Percona Server for MySQL releases
      • Percona Server for MySQL Feature Comparison
      • Changed in Percona Server 8.0
      • Understand version numbers
      • Installing Percona Server for MySQL
      • Post-Installation
      • Percona Server for MySQL In-Place Upgrading Guide: From 5.7 to 8.0
      • Upgrading using the Percona repositories
      • Upgrading from Systems that Use the MyRocks or TokuDB Storage Engine and Partitioned Tables
      • Upgrading using Standalone Packages
      • Running Percona Server for MySQL in a Docker Container
      • Docker config
      • Improved InnoDB I/O Scalability
      • Adaptive Network Buffers
      • Multiple page asynchronous I/O requests
      • Thread Pool
      • XtraDB Performance Improvements for I/O-Bound Highly-Concurrent Workloads
      • Prefix Index Queries Optimization
      • Limiting the Estimation of Records in a Query
      • Jemalloc Memory Allocation Profiling
      • The ProcFS plugin
      • Binlogging and replication improvements
      • Compressed columns with dictionaries
      • Extended SELECT INTO OUTFILE/DUMPFILE
      • Extended SET VAR Optimizer Hint
      • Improved MEMORY Storage Engine
      • Suppress Warning Messages
      • Limiting the disk space used by binary log files
      • Support for PROXY protocol
      • SEQUENCE_TABLE(n) Function
      • Slow Query Log Rotation and Expiration
      • Too Many Connections Warning
      • Handle Corrupted Tables
      • Percona Toolkit UDFs
      • Kill Idle Transactions
      • XtraDB changed page tracking
      • Enforcing Storage Engine
      • Expanded Fast Index Creation
      • Backup Locks
      • Audit Log Plugin
      • Start transaction with consistent snapshot
      • Extended SHOW GRANTS
      • Utility user
      • PAM Authentication Plugin
      • Using LDAP authentication plugins
      • LDAP authentication plugin system variables
      • Working with SELinux
      • Working with AppArmor
      • Data at Rest Encryption
      • Using the keyring component or keyring plugin
      • Using the Key Management Interoperability Protocol (KMIP)
      • Encryption functions
      • Using the Amazon Key Management Service (AWS KMS)
      • FIDO authentication plugin
      • Rotating the Master Key
      • Encrypting File-Per-Table Tablespace
      • Encrypting a Schema or a General Tablespace
      • Encrypting the System Tablespace
      • Encrypting Temporary Files
      • Encrypting Binary Log Files and Relay Log Files
      • Encrypting the Redo Log files
      • Encrypting the Undo Tablespace
      • Working with Advanced Encryption Key Rotation
      • Encrypting Doublewrite Buffers
      • Verifying the Encryption for Tables, Tablespaces, and Schemas
      • SSL Improvements
      • Data Masking
      • Server variables
      • User Statistics
      • Slow Query Log
      • Extended Show Engine InnoDB Status
      • Show Storage Engines
      • Process List
      • Misc. INFORMATION_SCHEMA Tables
      • Thread Based Profiling
      • InnoDB Page Fragmentation Counters
      • Stacktrace
      • Libcoredumper
      • Manage Group Replication flow control
      • Group replication system variables
      • Percona MyRocks Introduction
      • Percona MyRocks Installation Guide
      • Updated Supported Features
      • MyRocks Limitations
      • Differences between Percona MyRocks and Facebook MyRocks
      • MyRocks Information Schema Tables
      • MyRocks Server Variables
      • MyRocks Status Variables
      • Gap locks detection
      • Data Loading
      • Installing and configuring Percona Server for MySQL with ZenFS support
      • TokuDB Introduction
      • TokuDB Installation
      • Using TokuDB
      • Fast Updates with TokuDB
      • TokuDB files and file types
      • TokuDB file management
      • TokuDB Background ANALYZE TABLE
      • TokuDB Variables
      • TokuDB Status Variables
      • TokuDB Fractal Tree Indexing
      • TokuDB Troubleshooting
      • TokuDB Performance Schema Integration
      • Frequently Asked Questions
      • Migrating and Removing the TokuDB storage engine
      • Percona TokuBackup
      • Percona Server for MySQL 8.0 Release notes
      • Percona Server for MySQL 8.0.30-22 (2022-11-21)
      • Percona Server for MySQL 8.0.29-21 (2022-08-08)
      • Percona Server for MySQL 8.0.28-20 (2022-06-20)
      • Percona Server for MySQL 8.0.28-19 (2022-05-12)
      • Percona Server for MySQL 8.0.27-18 (2022-03-02)
      • Percona Server for MySQL 8.0.26-17 (2022-01-26)
      • Percona Server for MySQL 8.0.26-16 (2021-10-20)
      • Percona Server for MySQL 8.0.25-15 (2021-07-13)
      • Percona Server for MySQL 8.0.23-14 (2021-05-12)
      • Percona Server for MySQL 8.0.22-13 (2020-12-14)
      • Percona Server for MySQL 8.0.21-12 (2020-10-13)
      • Percona Server for MySQL 8.0.20-11 (2020-07-21)
      • Percona Server for MySQL 8.0.19-10 (2020-03-23)
      • Percona Server for MySQL 8.0.18-9
      • Percona Server for MySQL 8.0.17-8
      • Percona Server for MySQL 8.0.16-7
      • Percona Server for MySQL 8.0.15-6
      • Percona Server for MySQL 8.0.15-5
      • Percona Server for MySQL 8.0.14
      • Percona Server for MySQL 8.0.13-4
      • Percona Server for MySQL 8.0.13-3
      • Percona Server for MySQL 8.0.12-2rc1
      • List of upstream MySQL bugs fixed in Percona Server for MySQL 8.0
      • List of variables introduced in Percona Server for MySQL 8.0
      • Development of Percona Server for MySQL
      • Trademark policy
      • Index of INFORMATION_SCHEMA Tables
      • Frequently Asked Questions
      • Copyright and licensing information
      • Glossary

    Verifying the Encryption for Tables, Tablespaces, and Schemas¶

    If a general tablespace contains tables, check the table information to see if the table is encrypted. When the general tablespace contains no tables, you may verify if the tablespace is encrypted or not.

    For single tablespaces, verify the ENCRYPTION option using INFORMATION_SCHEMA.TABLES and the CREATE OPTIONS settings.

    mysql> SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS FROM
       INFORMATION_SCHEMA.TABLES WHERE CREATE_OPTIONS LIKE '%ENCRYPTION%';

    The output could be the following:

    +----------------------+-------------------+------------------------------+
| TABLE_SCHEMA         | TABLE_NAME        | CREATE_OPTIONS               |
+----------------------+-------------------+------------------------------+
|sample                | t1                | ENCRYPTION="Y"               |
+----------------------+-------------------+------------------------------+

    A flag field in the INFORMATION_SCHEMA.INNODB_TABLESPACES has bit number 13 set if the tablespace is encrypted. This bit can be checked with the flag & 8192 expression in the following way:

    SELECT space, name, flag, (flag & 8192) != 0 AS encrypted FROM
INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE name in ('foo', 'test/t2', 'bar',
'noencrypt');

    The encrypted table metadata is contained in the INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION table. You must have the Process privilege to view the table information.

    Note

    This table is in tech preview and may change in future releases.

       mysql> DESCRIBE INNODB_TABLESPACES_ENCRYPTION;

    The output could be:

    +-----------------------------+--------------------+-----+----+--------+------+
| Field                       | Type               | Null| Key| Default| Extra|
+-----------------------------+--------------------+-----+----+--------+------+
| SPACE                       | int(11) unsigned   | NO  |    |        |      |
| NAME                        | varchar(655)       | YES |    |        |      |
| ENCRYPTION_SCHEME           | int(11) unsigned   | NO  |    |        |      |
| KEYSERVER_REQUESTS          | int(11) unsigned   | NO  |    |        |      |
| MIN_KEY_VERSION             | int(11) unsigned   | NO  |    |        |      |
| CURRENT_KEY_VERSION         | int(11) unsigned   | NO  |    |        |      |
| KEY_ROTATION_PAGE_NUMBER    | bigint(21) unsigned| YES |    |        |      |
| KEY_ROTATION_MAX_PAGE_NUMBER| bigint(21) unsigned| YES |    |        |      |
| CURRENT_KEY_ID              | int(11) unsigned   | NO  |    |        |      |
| ROTATING_OR_FLUSHING        | int(1) unsigned    | NO  |    |        |      |
+-----------------------------+--------------------+-----+----+--------+------+

    To identify encryption-enabled schemas, query the INFORMATION_SCHEMA.SCHEMATA table:

    mysql> SELECT SCHEMA_NAME, DEFAULT_ENCRYPTION FROM
INFORMATION_SCHEMA.SCHEMATA WHERE DEFAULT_ENCRYPTION='YES';

    The output could be:

    +------------------------------+---------------------------------+
| SCHEMA_NAME                  | DEFAULT_ENCRYPTION              |
+------------------------------+---------------------------------+
| samples                      | YES                             |
+------------------------------+---------------------------------+

    Note

    The SHOW CREATE SCHEMA statement returns the DEFAULT ENCRYPTION clause.

    Contact Us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.

    Last update: 2022-09-22
    Back to top
    Previous Encrypting Doublewrite Buffers
    Next SSL Improvements
    Percona LLC, © 2022
    Made with Material for MkDocs