MySQL has InnoDB data encryption, and Galera Cluster has supported it since it appeared in the main server. The one thing that was not covered was the encryption of the Galera Cache (the galera.cache file).
Here is a simple extract from the binlog.000001 files.
strings binlog.* |grep Custom |wc -l 10000 strings galera.cache |grep Custom |wc -l 10000
strings galera.cache|tail -10 Customer9100 Customer9099 Customer9098 Customer9097 Customer9096 Customer9095 Customer9094 Customer9093 Customer9092 Customer9091
You need to edit your /etc/my.cnf to include:
Note that in this example we are using the keyring_file plugin, which stores keyring data in a file on the local server host. This is not intended for regulatory compliance. You need to use a key management server that protects encryption keys in key vaults or hardware …[Read more]