Purpose
This function is used to trigger the archiving of the currently writing audit log file and generate a new encryption key when audit log encryption is enabled. Subsequent newly generated archive files will be encrypted using the new key. Typical use cases include key rotation or in conjunction with security policy changes.
Applicability
This topic applies only to OceanBase Database Enterprise Edition. OceanBase Database Community Edition does not support the audit feature.
Note
This function is supported starting from V4.4.2 BP2.
Syntax
AUDIT_LOG_ENCRYPTION_PASSWORD_SET();
Privilege requirements
You must have the SUPER privilege to use this function.
Description
Parameters
This function has no parameters.
Limitations
- Similar to other audit functions: it must be directly and uniquely used as an output column in a
SELECTstatement and cannot be used in subqueries. For more information, see the usage restrictions and considerations in Overview of audit functions. - This function is only applicable to scenarios where audit records are written to disk files (
audit_trailisLOG).
Return value
The function has no input parameters and returns a string.
- When the operation is successful, the function returns
OK. - When the operation fails, the
SELECTstatement may still execute successfully, and the function returns an error message.
Examples
Rotate the key and archive the current audit logs.
SELECT AUDIT_LOG_ENCRYPTION_PASSWORD_SET() FROM DUAL;
The return result is as follows:
+-----------------------------------------+
| AUDIT_LOG_ENCRYPTION_PASSWORD_SET() |
+-----------------------------------------+
| OK |
+-----------------------------------------+
1 row in set
