
Percona encryption at rest

Configure mysql

/etc/mysql/mysql

[mysqld]
# Encryption
# Load the keyring plugin early, before storage engines initialise, so that
# encrypted InnoDB tablespaces can be opened during startup.
early-plugin-load = keyring_file.so
# The keyring file holds the master key on local disk. Keep it outside the data
# directory, readable only by the MySQL service account, and do not store it in
# the same backup as the data it protects: anyone holding both can decrypt.
keyring_file_data = /var/lib/mysql-keyring/keyring

Maintenance

Pregenerovani klice

-- Generates a new InnoDB master key and re-encrypts the tablespace keys with it;
-- the table data itself is not rewritten.
ALTER INSTANCE ROTATE INNODB MASTER KEY;

Zasifrovani tabulky

-- Turns on tablespace encryption for one table (moje_tabulka is a placeholder name).
-- To verify afterwards, check that CREATE_OPTIONS in INFORMATION_SCHEMA.TABLES
-- lists ENCRYPTION for the table.
ALTER TABLE moje_tabulka ENCRYPTION='Y';

Encrypt existing database

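# Encrypt every base table of one schema by rebuilding each table with
# pt-online-schema-change.
# Note: this covers table data only. Copies already written elsewhere (binary
# logs, existing backups, dumps) are not encrypted by this step.
export dbname="jmeno_databaze"   # placeholder: name of the schema to encrypt

# -B -N: batch output without a header row, one table name per line.
mysql -B -N -e "SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='$dbname' and TABLE_TYPE='BASE TABLE'" |
while IFS= read -r table; do
  # IFS= and -r keep the table name exactly as printed (no trimming, no
  # backslash processing). The DSN is quoted so a name with spaces stays one
  # argument; names containing commas would still break the D=...,t=... form.
  # stdin is redirected so the tool cannot consume the remaining table names.
  if ! pt-online-schema-change --execute --alter "engine=innodb encryption='Y'" \
      "D=${dbname},t=${table}" </dev/null; then
    # Report the failure instead of silently moving on to the next table.
    printf 'encryption failed for %s.%s\n' "$dbname" "$table" >&2
  fi
done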