ZRM for MySQL encryption: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
''ZRM for MySQL'' supports backup data encryption using tools available on the platform such as [http://www.gnupg.org GPG] (GnuPG). The backup data is encrypted on the machine running ''ZRM for MySQL''. The backup index is not encrypted. Only the backup images are encrypted if the remote MySQL server are being backed up | ''ZRM for MySQL'' supports backup data encryption using tools available on the platform such as [http://www.gnupg.org GPG] (GnuPG). The backup data is encrypted on the machine running ''ZRM for MySQL''. The backup index is not encrypted. Only the backup images are encrypted if the remote MySQL server are being backed up | ||
* For logical backups, it is recommended to use SSL for encryption of the data being | * For logical backups, it is recommended to use SSL for encryption of the data being transferred. Use ssl-* options in [[Backup_Set_Parameters#MySQL_Server_Parameters|backup set parameters]] in [[mysql-zrm.conf]] | ||
* For raw backups, it is recommended to use the ssh based copy plugin. | * For raw backups, it is recommended to use the ssh based copy plugin. | ||
Latest revision as of 21:07, 15 September 2008
ZRM for MySQL supports backup data encryption using tools available on the platform such as GPG (GnuPG). The backup data is encrypted on the machine running ZRM for MySQL. The backup index is not encrypted. Only the backup images are encrypted if the remote MySQL server are being backed up
- For logical backups, it is recommended to use SSL for encryption of the data being transferred. Use ssl-* options in backup set parameters in mysql-zrm.conf
- For raw backups, it is recommended to use the ssh based copy plugin.
ZRM for MySQL does not provide key management. The user is expected to create and configure encryption keys as well as passphrases. It is important the keys are kept securely, otherwise, database backup images cannot be restored.
Backup data encryption is configured by mysql-zrm.conf parameters.
- encrypt: Enables/Disables data encryption for the backup set. Default is no encryption. Value 1 means backup data will be encrypted. Value 0 means no encryption. If encryption is enabled, the encrypt-plugin must be specified.
- encrypt-plugin: Full path to the command used for encryption. The plugin should encrypt the data from the standard input and output encrypted data back to the standard output. A sample encrypt plugin is available in /usr/share/mysql-zrm/plugins/encrypt.pl. The template encrypt plugin uses GPG (GNU Privacy Guard). Modify the sample plugin to suit your needs.
- decrypt-option: The command line option of the encrypt-plugin to decrypt the backup data. This option is used during database recovery.
- passfile : File containing the passphrase used for encryption. This parameter is read by the sample GPG based encryption plugin - encrypt.pl.