InnoDB: Disabling Encryption
Instructions for safely disabling encryption on InnoDB tables, emphasizing the critical need to decrypt all tablespaces and redo logs using background threads or ALTER TABLE.
Overview
1
Disable automatic encryption.
-- Disable encryption for new tables and the system tablespace
SET GLOBAL innodb_encrypt_tables = OFF;
-- Enable encryption threads to perform the decryption work
SET GLOBAL innodb_encryption_threads = 4;
-- Force rotation to unencrypted state by setting age to 1
SET GLOBAL innodb_encryption_rotate_key_age = 1;[mariadb]
innodb_encrypt_tables = OFF
innodb_encryption_threads = 4
innodb_encryption_rotate_key_age = 12
Decrypt manually encrypted tables.
Identify Manually Encrypted Tables
SELECT TABLE_SCHEMA, TABLE_NAME
FROM information_schema.TABLES
WHERE ENGINE='InnoDB'
AND (CREATE_OPTIONS LIKE '%ENCRYPTED=YES%' OR CREATE_OPTIONS LIKE '%ENCRYPTION="Y"%');Perform Decryption
ALTER TABLE db_name.table_name ENCRYPTION='N';3
4
Monitor and verify decryption status.
Check Background Progress
SELECT COUNT(*) AS "Encrypted_Tablespaces"
FROM information_schema.INNODB_TABLESPACES_ENCRYPTION
WHERE ENCRYPTION_SCHEME != 0 OR ROTATING_OR_FLUSHING != 0;Verify Individual Tables
SELECT TABLE_NAME, CREATE_OPTIONS
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'your_database_name';Last updated
Was this helpful?

