Decrypt Aria Tables

If you have Aria tables encrypted, you must first decrypt them:

ALTER TABLE my_table ENCRYPTED=NO;

Repeat this for each Aria table that is encrypted.

• Ensure the server can currently read encrypted data Keep your key management/encryption plugin configured and loaded so MariaDB can read existing encrypted Aria tables. Don’t remove the plugin yet.

• Turn off Aria encryption for future writes Set the global variable to off and restart if set in config:

  Copy

  -- Immediate effect for the running instance
  SET GLOBAL aria_encrypt_tables = OFF;

  Also set in the option file to persist:

  Copy

  [mysqld]
  aria_encrypt_tables=OFF

  With encryption disabled, any newly rebuilt Aria table will be written unencrypted. MariaDB

• Rebuild Aria tables to rewrite them unencrypted Rebuilding causes MariaDB to rewrite data and index files (.MAD/.MAI) in the current (now unencrypted) mode. Typical ways to rebuild:

  • ALTER TABLE t ENGINE=Aria;

  • ALTER TABLE t ALGORITHM=COPY; (forces a copy/rebuild)

  • OPTIMIZE TABLE t; (for Aria this rebuilds the table)

  Example (single table):

  Copy

  ALTER TABLE db1.my_aria_table ENGINE=Aria, ALGORITHM=COPY, LOCK=SHARED;

• Repeat for all Aria tables you want decrypted Generate statements for every Aria table:

  Copy

  SELECT CONCAT('ALTER TABLE `', table_schema, '`.`', table_name, 
                '` ENGINE=Aria, ALGORITHM=COPY;') AS ddl
  FROM information_schema.tables
  WHERE ENGINE='Aria'
    AND table_schema NOT IN ('mysql','information_schema','performance_schema','sys');

  Review and run the generated DDL. (System tables may use Aria in newer releases—handle with care.) MariaDB

• Verify and then remove encryption dependencies (optional) Once all targeted Aria tables are rebuilt and unencrypted, and you have no other encrypted assets relying on the plugin (e.g., InnoDB encryption, binlog encryption), you can remove or disable the key management/encryption plugin.