MySQL Enterprise Backup User's Guide (Version 8.0.16)

7.4 Working with Encrypted Binary and Relay Logs

MySQL Enterprise Backup 8.0.14 and later supports encrypted binary and relay logs, which are handled in a similar way as the encrypted InnoDB tables are (see Chapter 6, Working with Encrypted InnoDB Tablespaces for details).

When backing up encrypted binary or relay logs, the option --encrypt-password is required for the following purposes:

When restoring encrypted binary or relay logs, the same password used for backing up the database must be supplied with the --encrypt-password option, as mysqlbackup performs the following actions:

For Incremental Backups.  For a series of incremental backups, if a keyring plugin other than keyring_encrypted_file is being used on the server, users can provide a different value for --encrypt-password for any of the full or incremental backup in the backup sequence. However, the password used to make the specific full or incremental backup must be provided to restore that backup. When starting the server after restoring a series of incremental backups, the password used for the restore of the last incremental backup should be supplied to the server (except for a MySQL Community Server, which will start with the keyring_file plugin and does not require the keyring_encrypted_file_password option to start).