The process involved in safely disabling data-at-rest encryption for your Aria tables is very similar to that of enabling encryption. To disable, you need to set the relevant system variables and then rebuild each table into an unencrypted state.
Don't remove the Encryption Key Management plugin from your configuration file until you have unencrypted all tables in your database. MariaDB cannot read encrypted tables without the relevant encryption key.
With tables that the user creates, you can disable encryption by setting the aria_encrypt_tables system variable to OFF. Once this is set, MariaDB no longer encrypts new tables created with the Aria storage engine.
SET GLOBAL aria_encrypt_tables = OFF;Unlike , Aria does not currently use background encryption threads. Before removing the plugin from the configuration file, you first need to manually rebuild each table to an unencrypted state.
To find the encrypted tables, query the Information Schema, filtering the table for those that use the Aria storage engine and the PAGE .
Each table in the result-set was potentially written to disk in an encrypted state. Before removing the configuration for the encryption keys, you need to rebuild each of these to an unencrypted state. This can be done with an statement.
Once all of the Aria tables are rebuilt, they're safely unencrypted.
MariaDB routinely creates internal temporary tables. When these temporary tables are written to disk and the system variable is set to ON, MariaDB uses the Aria storage engine.
To decrypt these tables, set the to OFF. Once set, all internal temporary tables that are created from that point on are written unencrypted to disk.
This page is licensed: CC BY-SA / Gnu FDL
SELECT TABLE_SCHEMA, TABLE_NAME
FROM information_schema.TABLES
WHERE ENGINE = 'Aria'
AND ROW_FORMAT = 'PAGE'
AND TABLE_SCHEMA != 'information_schema';ALTER TABLE test.aria_table ENGINE = Aria ROW_FORMAT = PAGE;