MySQL 8.0 Reference Manual Including MySQL NDB Cluster 8.0

6.6.8 mysql_migrate_keyring — Keyring Key Migration Utility

The mysql_migrate_keyring utility migrates keys between one keyring component and another. It supports offline and online migrations.

Invoke mysql_migrate_keyring like this (enter the command on a single line):

  [other options]

For information about key migrations and instructions describing how to perform them using mysql_migrate_keyring and other methods, see Section, “Migrating Keys Between Keyring Keystores”.

mysql_migrate_keyring supports the following options, which can be specified on the command line or in the [mysql_migrate_keyring] group of an option file. For information about option files used by MySQL programs, see Section, “Using Option Files”.

Table 6.22 mysql_migrate_keyring Options

Option Name Description Introduced Deprecated
--component-dir Directory for keyring components
--defaults-extra-file Read named option file in addition to usual option files
--defaults-file Read only named option file
--defaults-group-suffix Option group suffix value
--destination-keyring Destination keyring component name
--destination-keyring-configuration-dir Destination keyring component configuration directory
--get-server-public-key Request RSA public key from server
--help Display help message and exit
--host Host on which MySQL server is located
--login-path Read login path options from .mylogin.cnf
--no-defaults Read no option files
--online-migration Migration source is an active server
--password Password to use when connecting to server
--port TCP/IP port number for connection
--print-defaults Print default options
--server-public-key-path Path name to file containing RSA public key
--socket Unix socket file or Windows named pipe to use
--source-keyring Source keyring component name
--source-keyring-configuration-dir Source keyring component configuration directory
--ssl-ca File that contains list of trusted SSL Certificate Authorities
--ssl-capath Directory that contains trusted SSL Certificate Authority certificate files
--ssl-cert File that contains X.509 certificate
--ssl-cipher Permissible ciphers for connection encryption
--ssl-crl File that contains certificate revocation lists
--ssl-crlpath Directory that contains certificate revocation-list files
--ssl-fips-mode Whether to enable FIPS mode on client side 8.0.34
--ssl-key File that contains X.509 key
--ssl-mode Desired security state of connection to server
--ssl-session-data File that contains SSL session data 8.0.29
--ssl-session-data-continue-on-failed-reuse Whether to establish connections if session reuse fails 8.0.29
--tls-ciphersuites Permissible TLSv1.3 ciphersuites for encrypted connections
--tls-version Permissible TLS protocols for encrypted connections
--user MySQL user name to use when connecting to server
--verbose Verbose mode
--version Display version information and exit