Aria Enabling Encryption

In order to enable data-at-rest encryption for tables using the Aria storage engine, you first need to configure the server to use an Encryption Key Management plugin. Once this is done, you can enable encryption by setting the relevant system variables.

Encrypting User-created Tables

For tables that the user creates, you can enable encryption by setting the aria_encrypt_tables system variable to ON and then restarting the server. Once this is set, Aria automatically enables encryption on all tables you create afterward with the ROW_FORMAT table option set to PAGE.

Currently, Aria does not support encryption on tables where the ROW_FORMAT table option is set to the FIXED or DYNAMIC values.

Unlike InnoDB, Aria does not support the ENCRYPTED table option (see MDEV-18049 about that). Encryption for Aria can only be enabled globally using the aria_encrypt_tables system variable.

Encrypting Existing Tables

In cases where you have existing Aria tables that you would like to encrypt, the process is a little more complicated. Unlike InnoDB, Aria does not utilize background encryption threads to automatically perform encryption changes (see MDEV-18971 about that). Therefore, to encrypt existing tables, you need to identify each table that needs to be encrypted, and then manually rebuild each one.

First, set the aria_encrypt_tables system variable to encrypt new tables.

Identify Aria tables that have the ROW_FORMAT table option set to PAGE.

For each table in the result-set, issue an ALTER TABLE statement to rebuild the table.

This statement causes Aria to rebuild the table using the ROW_FORMAT table option. In the process, with the new default setting, it encrypts the table when it writes to disk.
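
The steps above combined into one review pass, as an added example that is not part of the original page. It generates one rebuild statement per PAGE-format Aria table rather than requiring each to be typed by hand, and separately lists the FIXED and DYNAMIC tables that Aria cannot encrypt. The column aliases are chosen here for illustration.

```sql
-- Added example. Run after SET GLOBAL aria_encrypt_tables=ON;
-- review the generated statements before executing them.

-- 1. Confirm the global setting: Aria encryption is controlled only by this
--    variable, so a rebuild encrypts the table only while it is ON.
SELECT @@GLOBAL.aria_encrypt_tables AS aria_encrypt_tables;

-- 2. PAGE-format tables: emit the ALTER TABLE statement for each one.
--    Backticks inside names are doubled so unusual identifiers stay quoted.
SELECT CONCAT(
         'ALTER TABLE `', REPLACE(TABLE_SCHEMA, '`', '``'), '`.`',
         REPLACE(TABLE_NAME, '`', '``'),
         '` ENGINE=Aria ROW_FORMAT=PAGE;'
       ) AS rebuild_statement
FROM information_schema.TABLES
WHERE ENGINE = 'Aria'
  AND ROW_FORMAT = 'PAGE'
  AND TABLE_SCHEMA != 'information_schema'
ORDER BY TABLE_SCHEMA, TABLE_NAME;

-- 3. FIXED or DYNAMIC tables: not supported for encryption, so these
--    remain unencrypted on disk and should be tracked separately.
SELECT TABLE_SCHEMA, TABLE_NAME, ROW_FORMAT
FROM information_schema.TABLES
WHERE ENGINE = 'Aria'
  AND ROW_FORMAT IN ('FIXED', 'DYNAMIC')
  AND TABLE_SCHEMA != 'information_schema'
ORDER BY TABLE_SCHEMA, TABLE_NAME;
```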

Encrypting Internal On-disk Temporary Tables

During the execution of queries, MariaDB routinely creates internal temporary tables. These internal temporary tables initially use the MEMORY storage engine, which is entirely stored in memory. When the table size exceeds the allocation defined by the max_heap_table_size system variable, MariaDB writes the data to disk using another storage engine. If you have aria_used_for_temp_tables set to ON, MariaDB uses Aria to write the internal temporary tables to disk.

Encryption for internal temporary tables is handled separately from encryption for user-created tables. To enable encryption for these tables, set the encrypt_tmp_disk_tables system variable to ON. Once set, all internal temporary tables that are written to disk using Aria are automatically encrypted.

Manually Encrypting Tables

Currently, Aria does not support manually encrypting tables through the ENCRYPTED and ENCRYPTION_KEY_ID table options. For more information, see MDEV-18049.

In cases where you want to encrypt tables manually or set the specific encryption key, use InnoDB.

This page is licensed: CC BY-SA / Gnu FDL

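-- Enable encryption for newly created Aria tables
SET GLOBAL aria_encrypt_tables=ON;

-- Identify Aria tables that have ROW_FORMAT set to PAGE
SELECT TABLE_SCHEMA, TABLE_NAME
FROM information_schema.TABLES
WHERE ENGINE='Aria'
  AND ROW_FORMAT='PAGE'
  AND TABLE_SCHEMA != 'information_schema';

-- Rebuild one table from the result set so it is encrypted when written to disk
ALTER TABLE test.aria_table ENGINE=Aria ROW_FORMAT=PAGE;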