Skip to content
Starting November 2023 Percona XtraBackup 2.4 has reached EOL status. If you have 5.7 databases, we encourage you to upgrade to 8.0 and then install Percona XtraBackup 8.0. Learn more

logo
Percona XtraBackup
The xbcrypt binary
Initializing search
    percona/pxb-docs
    percona/pxb-docs
    • Home
      • About Percona XtraBackup
      • How Percona XtraBackup Works
      • Understand version numbers
      • Installing Percona XtraBackup 2.4
      • Installing Percona XtraBackup on Debian and Ubuntu
      • Installing Percona XtraBackup on Red Hat Enterprise Linux and CentOS
      • Installing Percona XtraBackup from a Binary Tarball
      • Compiling and Installing from Source Code
      • Running Percona XtraBackup in a Docker container
      • Connection and Privileges Needed
      • Configuring xtrabackup
      • The Backup Cycle - Full Backups
      • Incremental Backup
      • Compressed Backup
      • Encrypted Backup
      • Percona XtraBackup User Manual
      • Throttling Backups
      • Lockless binary log information
      • Encrypted InnoDB Tablespace Backups
      • lock-ddl-per-table Option Improvements
      • How-tos and Recipes
        • Release notes index
        • Percona XtraBackup 2.4.29 (2023-12-18)
        • Percona XtraBackup 2.4.28 (2023-04-04)
        • Percona XtraBackup 2.4.27 (2022-12-06)
        • Percona XtraBackup 2.4.26
        • Percona XtraBackup 2.4.25
        • Percona XtraBackup 2.4.24
        • Percona XtraBackup 2.4.23
        • Percona XtraBackup 2.4.22
        • Percona XtraBackup 2.4.21
        • Percona XtraBackup 2.4.20
        • Percona XtraBackup 2.4.19
        • Percona XtraBackup 2.4.18
        • Percona XtraBackup 2.4.17
        • Percona XtraBackup 2.4.16
        • Percona XtraBackup 2.4.15
        • Percona XtraBackup 2.4.14
        • Percona XtraBackup 2.4.13
        • Percona XtraBackup 2.4.12
        • Percona XtraBackup 2.4.11
        • Percona XtraBackup 2.4.10
        • Percona XtraBackup 2.4.9
        • Percona XtraBackup 2.4.8
        • Percona XtraBackup 2.4.7-2
        • Percona XtraBackup 2.4.7
        • Percona XtraBackup 2.4.6
        • Percona XtraBackup 2.4.5
        • Percona XtraBackup 2.4.4
        • Percona XtraBackup 2.4.3
        • Percona XtraBackup 2.4.2
        • Percona XtraBackup 2.4.1
      • The xtrabackup Option Reference
      • The innobackupex Option Reference
      • The xbcloud Binary
      • Exponential Backoff
      • Using the xbcloud binary with Microsoft Azure Cloud Storage
      • The xbcrypt binary
        • -d, –decrypt
        • -i, –input=name
        • -o, –output=name
        • -a, –encrypt-algo=name
        • -k, –encrypt-key=name
        • -f, –encrypt-key-file=name
        • -s, –encrypt-chunk-size=
        • –encrypt-threads=
        • -v, –verbose
      • The xbstream binary
      • Known issues and limitations
      • Frequently Asked Questions
      • Glossary
      • Index of files created by Percona XtraBackup
      • Trademark policy
      • Copyright and licensing information
      • Version Checking

    • -d, –decrypt
    • -i, –input=name
    • -o, –output=name
    • -a, –encrypt-algo=name
    • -k, –encrypt-key=name
    • -f, –encrypt-key-file=name
    • -s, –encrypt-chunk-size=
    • –encrypt-threads=
    • -v, –verbose

    The xbcrypt binary¶

    To support encryption and decryption of the backups, a new tool xbcrypt was introduced to Percona XtraBackup.

    Percona XtraBackup 2.4.25 implements the XBCRYPT_ENCRYPTION_KEY environment variable. The variable is only used in place of the --encrypt_key=name option. You can use the environment variable or command line option. If you use both, the command line option takes precedence over the value specified in the environment variable.

    This utility has been modeled after The xbstream binary to perform encryption and decryption outside of Percona XtraBackup. xbcrypt has following command line options:

    -d, –decrypt¶

    Decrypt data input to output.

    -i, –input=name¶

    Optional input file. If not specified, input will be read from standard input.

    -o, –output=name¶

    Optional output file. If not specified, output will be written to standard output.

    -a, –encrypt-algo=name¶

    Encryption algorithm.

    -k, –encrypt-key=name¶

    Encryption key.

    -f, –encrypt-key-file=name¶

    File which contains encryption key.

    -s, –encrypt-chunk-size=¶

    Size of working buffer for encryption in bytes. The default value is 64K.

    –encrypt-threads=¶

    This option specifies the number of worker threads that will be used for parallel encryption/decryption.

    -v, –verbose¶

    Display verbose status output.

    Contact us

    For free technical help, visit the Percona Community Forum.

    To report bugs or submit feature requests, open a JIRA ticket.

    For paid support and managed or consulting services , contact Percona Sales.

    2022-07-19
    Percona LLC and/or its affiliates, © 2024 Cookie Preferences
    Made with Material for MkDocs