Plugin 'file_key_management' init function returned error-key.txt not found (Errcode: 13 "Permission denied")


Trupti Mali

Mar 20, 2016, 12:34:08 AM
to codership
Hi,
I was trying out data-at-rest security and I created a key using the commands below:

mkdir /root/encrypt/
cd /root/encrypt/
openssl enc -aes-256-cbc -k secretPassword -P -md sha1
(saved the output in key.txt, in the format 1;<iv>;<key>)
openssl enc -aes-256-cbc -md sha1 -k secretPassword2 -in key.txt -out key.enc

All of this I did in the folder /root/encrypt/

Then in my.cnf:

[mysqld]
plugin-load-add=file_key_management.so
file_key_management
file_key_management_filename = /root/encrypt/key.enc
file_key_management_filekey = FILE:/root/encrypt/key.txt
file_key_management_encryption_algorithm = AES_CBC
#innodb-encrypt-tables=ON
#innodb-encrypt-log=true

On starting the server, I get this error in the logs. MySQL starts but fails to initialize encryption.

I tried changing the owner of key.txt to mysql and also tried changing its mode to 755, but no use. I still get the same error.

[ERROR] mysqld: File '/root/encrypt/key.txt' not found (Errcode: 13 "Permission denied")

[ERROR] Plugin 'file_key_management' init function returned error.

[ERROR] Plugin 'file_key_management' registration as a ENCRYPTION failed.

Please help

jd...@ecrs.com

Sep 15, 2016, 12:08:40 PM
to codership
Did you ever solve the problem?

Matthew Zillah

Feb 14, 2020, 9:12:55 AM
to codership
There are a couple of ways to fix this as this is a permission error.

You will want to try to move your /root/encrypt folder to a folder readable by the server user - which most likely is 'mysql'.

For example, on my Ubuntu server I put my encrypted files under my regular configuration folder: /etc/mysql/encrypt/

# mv /root/encrypt /etc/mysql/

Then in your my.cnf change your encrypt folder from /root/encrypt/ to /etc/mysql/encrypt/

And restart!  

Also, keep in mind - it won't encrypt your EXISTING InnoDB databases, as it will only encrypt *NEW* ones. To encrypt existing InnoDB, you will either have to recreate them, or ALTER DATABASE
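An added example, not part of the original posts: the server account needs search (x) permission on every directory above the key file, so changing only the owner and mode of key.txt does not help when a parent directory such as /root is closed to that account. The script below walks the path and names the first component that blocks a given account; `class_bits`, `first_blocker` and the script name are hypothetical, and it evaluates mode bits only.

```python
import os
import stat


def class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to uid/gids: owner, else group, else other."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def first_blocker(path, uid, gids):
    """Walk from / down to path and return (component, reason) for the first
    component that denies the account, or None if the file is readable.

    Assumes an unprivileged account (root bypasses these checks) and looks
    at mode bits only: ACLs and AppArmor/SELinux policy are not evaluated.
    """
    parts = [p for p in os.path.abspath(path).split(os.sep) if p]
    current = os.sep
    for i, part in enumerate([""] + parts):
        current = os.path.join(current, part)
        st = os.stat(current)  # run as root so every component can be read
        bits = class_bits(st, uid, gids)
        if i == len(parts) and not stat.S_ISDIR(st.st_mode):
            if not bits & 4:
                return current, "no read permission on file"
        elif not bits & 1:
            return current, "no search (x) permission on directory"
    return None


if __name__ == "__main__":
    import pwd
    import sys

    # Hypothetical invocation: python3 keypath_check.py <key file> <account>
    target, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    groups = set(os.getgrouplist(account, pw.pw_gid))
    print(first_blocker(target, pw.pw_uid, groups) or "readable (mode bits)")
```

When the result names a directory, giving the account search permission on that directory or moving the key files is enough; the key file itself does not need to be world-readable.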