I believe you’ve got the process right, if you need to clean sensitive data to that extent. You could have values hiding in the change buffer, undo buffer, double write buffer, and it would be hard to guarantee that you’ve overwritten every page of these unless you physically remove the ibdata1 file. If you remove that file, you'd have to dump and restore all InnoDB data as you describe (or temporarily convert InnoDB tables to MyISAM and then back after you’ve recreated a new tablespace).
One possible short-cut:
1. Use file-per-table for all tables.
2. Stop input sources.
3. Perform a super clean shutdown (innodb_fast_shutdown=0) to force all change buffers and undo buffers to be processed.
4. Restart mysqld.
5. Use ALTER TABLE .. ENGINE=InnoDB ALGORITHM=COPY to force a table restructure, which will only copy current data (the latter option is 5.6 specific).
6. Dump metadata only (mysqldump --no-data).
7. Stop mysqld.
8. Remove ibdata1 and redo logs, but not the individual tables.
9. Move all .ibd files to somewhere safe (not the data directory, but may be on the same disk volume so mv is quick)
10. Restart mysqld.
11. Reimport the metadata you dumped, creating new empty tables.
12. Use ALTER TABLE .. DISCARD TABLESPACE for each table to remove the (empty) tablespaces.
13. Move your saved (full) .ibd files back into the data directory.
14. Reattach the tablespaces with ALTER TABLE .. IMPORT TABLESPACE.
15. Re-enable input sources.
This should be a lot faster than the dump & restore of full data, but it’s kind of a meticulous process. You should write a script to automate as much of the steps as you can.
Caveat: I have not tested this, so I can’t guarantee that it scrubs your data in the way you need. You’ll have to test that.
--
Bill Karwin
Senior Knowledge Manager