--encrypt-password[=STRING]

The user-supplied password by which mysqlbackup encrypts the master encryption key, which is used to encrypt the encryption keys for the InnoDB tablespaces or binary/relay log files.

The option must be used when backing up a server that has a keyring plugin or component enabled for InnoDB table or binary/relay log encryption and for restoring a backup containing encrypted InnoDB tables or binary/relay log. If the server is using the component_keyring_encrypted_file keyring component, the password supplied with the option must match the keyring file encryption password that has been set on the server with the component_keyring_encrypted_file.cnf file. If the server uses the keyring_hashicorp plugin, use the option to supply the HashiCorp Vault AppRole authentication secret ID, which was the value of keyring_hashicorp_secret_id on the server to be backed up.

The same password supplied during backup must be supplied again during a copy-back-and-apply-log, apply-log, or an apply-incremental-backup operation for the backup, or mysqlbackup will error out when it encounters encrypted InnoDB tables or binary/relay logs during the operation. If different passwords were used for different backups in a sequence of full and incremental backups, make sure the very password used to create an individual backup is supplied when performing an apply-log, apply-incremental-backup, or copy-back-and-apply-log operation on it.

Users who do not want to supply the password on the command line or in a default file may use the option without specifying any value; mysqlbackup then asks the user to type in the password before the operation starts.