I'm trying to set up encryption at rest on MySQL 9.1.0 on Windows using component_keyring_file.
Setup:
- MySQL 9.1.0 installed at
C:\MySQL\mysql-9.1.0-winx64\ - OS: Windows 11
- Running MySQL as a service (MySQL91)
What I did: I created a manifest file at C:\MySQL\mysql-9.1.0-winx64\bin\mysqld.my and marked it as read-only using attrib +R. The file contains:
C:\MySQL\mysql-9.1.0-winx64\bin\mysqld.my (read-only):
{
"read_local_manifest": false,
"components": "file://component_keyring_file"
}
I also created the component config file at C:\MySQL\mysql-9.1.0-winx64\lib\plugin\component_keyring_file.cnf:
{
"path": "C:/MySQL/mysql-9.1.0-winx64/keyring/component_keyring_file.keys",
"read_only": false
}
The keyring folder C:/MySQL/mysql-9.1.0-winx64/keyring exists and has full permissions granted to NETWORK SERVICE.
Error on startup:
mysqld: Unknown error 1126
mysqld: Unknown error 3529
[ERROR] [MY-013709] [Server] Received an error while processing components from manifest file: Failed to load components from manifest file
What I've tried:
- Placing manifest file in
bin\and root directory - Using absolute and relative paths in
.cnf - Giving NETWORK SERVICE full permissions to keyring folder
- Moving keyring folder outside MySQL directory to
C:\keyring
Question:
What is the correct way to set up component_keyring_file on MySQL 9.1.0 on Windows?
