Uninstall Key Management Plugins

Final step of removing key management plugins from the configuration once all data and logs have been confirmed as unencrypted.

Once all data and logs have been decrypted, you can safely remove key management plugins, if desired. For example, if using the file key management plugin:

Comment out or remove the following lines 
plugin_load_add = file_key_management 
file_key_management_filename = /etc/mysql/encryption/keyfile

Restart the server after editing the configuration.

Ensure that all tables no longer report encryption in CREATE_OPTIONS.
Confirm that redo logs and binary logs are unencrypted by checking server variables and log headers.
Confirm that no key management plugin is loaded:

SHOW PLUGINS;

PreviousDecrypt Binary Logs NextSecurity Vulnerabilities Fixed in MariaDB

Last updated 28 days ago

Was this helpful?