Purpose
If transparent encryption is configured for the source tenant, you must use this statement to back up the key for the source tenant before you back up data.
Limitations and considerations
After you back up the key, if key rotation is triggered for the source tenant, you must back up the key again before you restore the data.
Required privileges
Only the root user of the sys tenant (root@sys) or the administrator user of a user tenant can execute this statement.
- The default administrator user in MySQL mode is
root. - The default administrator user in Oracle mode is
SYS.
Syntax
ALTER SYSTEM BACKUP KEY [TENANT [=] {tenant_name[, tenant_name]...}] TO 'backup_key_path' [ENCRYPTED BY 'password'];
Parameters
| Parameter | Description |
|---|---|
| tenant_name | The name of the tenant for which you want to back up the key. This parameter is used in the sys tenant. If you specify multiple tenants, separate the tenant names with commas (,). If you do not specify this parameter in the sys tenant, the keys of all user tenants in the cluster are backed up.
NoticeWhen you execute this statement in the |
| backup_key_path | The backup path for the key. This path is user-defined and cannot be the same as the data backup path or log archive path. |
| password | The password for the key backup path. If you do not specify this parameter, the backup path is not encrypted. |
Examples
In the
systenant, back up the key of themysql_tenanttenant to the'file:///data_backup_dest/key'path.obclient [oceanbase]> ALTER SYSTEM BACKUP KEY TENANT = mysql_tenant TO 'file:///data_backup_dest/key' ENCRYPTED BY '******';In the
mysql_tenanttenant, back up the key of the current tenant to the'file:///data_backup_dest/key'path.obclient [oceanbase]> ALTER SYSTEM BACKUP KEY TO 'file:///data_backup_dest/key';