MySQL 8.0 Reference Manual Including MySQL NDB Cluster 8.0
MySQL supports the following keyring-related command-line options:
--keyring-migration-destination=
plugin
| Command-Line Format | --keyring-migration-destination=plugin_name |
|---|---|
| Type | String |
The destination keyring plugin for key migration. See
Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”. The option value
interpretation depends on whether
--keyring-migration-to-component
is specified:
If no, the option value is a keyring plugin, interpreted
the same way as for
--keyring-migration-source.
If yes, the option value is a keyring component,
specified as the component library name in the plugin
directory, including any platform-specific extension
such as .so or
.dll.
--keyring-migration-source
and
--keyring-migration-destination
are mandatory for all keyring migration operations. The
source and destination plugins must differ, and the
migration server must support both plugins.
--keyring-migration-host=
host_name
| Command-Line Format | --keyring-migration-host=host_name |
|---|---|
| Type | String |
| Default Value | localhost |
The host location of the running server that is currently
using one of the key migration keystores. See
Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”. Migration always
occurs on the local host, so the option always specifies a
value for connecting to a local server, such as
localhost, 127.0.0.1,
::1, or the local host IP address or host
name.
--keyring-migration-password[=
password]
| Command-Line Format | --keyring-migration-password[=password] |
|---|---|
| Type | String |
The password of the MySQL account used for connecting to the running server that is currently using one of the key migration keystores. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.
The password value is optional. If not given, the server
prompts for one. If given, there must be no
space between
--keyring-migration-password=
and the password following it. If no password option is
specified, the default is to send no password.
Specifying a password on the command line should be considered insecure. See Section 8.1.2.1, “End-User Guidelines for Password Security”. You can use an option file to avoid giving the password on the command line. In this case, the file should have a restrictive mode and be accessible only to the account used to run the migration server.
--keyring-migration-port=
port_num
| Command-Line Format | --keyring-migration-port=port_num |
|---|---|
| Type | Numeric |
| Default Value | 3306 |
For TCP/IP connections, the port number for connecting to the running server that is currently using one of the key migration keystores. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-socket=
path
| Command-Line Format | --keyring-migration-socket={file_name|pipe_name} |
|---|---|
| Type | String |
For Unix socket file or Windows named pipe connections, the socket file or named pipe for connecting to the running server that is currently using one of the key migration keystores. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-source=
plugin
| Command-Line Format | --keyring-migration-source=plugin_name |
|---|---|
| Type | String |
The source keyring plugin for key migration. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.
The option value is similar to that for
--plugin-load, except that
only one plugin library can be specified. The value is given
as plugin_library or
name=plugin_library,
where plugin_library is the name
of a library file that contains plugin code, and
name is the name of a plugin to
load. If a plugin library is named without any preceding
plugin name, the server loads all plugins in the library.
With a preceding plugin name, the server loads only the
named plugin from the library. The server looks for plugin
library files in the directory named by the
plugin_dir system variable.
--keyring-migration-source
and
--keyring-migration-destination
are mandatory for all keyring migration operations. The
source and destination plugins must differ, and the
migration server must support both plugins.
--keyring-migration-to-component
| Command-Line Format | --keyring-migration-to-component[={OFF|ON}] |
|---|---|
| Introduced | 8.0.24 |
| Type | Boolean |
| Default Value | OFF |
Indicates that a key migration is from a keyring plugin to a keyring component. This option makes it possible to migrate keys from any keyring plugin to any keyring component, which facilitates transitioning a MySQL installation from keyring plugins to keyring components.
For key migration from one keyring component to another, use the mysql_migrate_keyring utility. Migration from a keyring component to a keyring plugin is not supported. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-user=
user_name
| Command-Line Format | --keyring-migration-user=user_name |
|---|---|
| Type | String |
The user name of the MySQL account used for connecting to the running server that is currently using one of the key migration keystores. See Section 8.4.4.14, “Migrating Keys Between Keyring Keystores”.