6.4.4.10 Keyring Command Options
MySQL supports the following keyring-related command-line options:
--keyring-migration-destination=
plugin
Property Value Command-Line Format --keyring-migration-destination=plugin_name
Introduced 5.7.21 Type String The destination keyring plugin for key migration. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”. The format and interpretation of the option value is the same as described for the
--keyring-migration-source
option.Note--keyring-migration-source
and--keyring-migration-destination
are mandatory for all keyring migration operations. The source and destination plugins must differ, and the migration server must support both plugins.--keyring-migration-host=
host_name
Property Value Command-Line Format --keyring-migration-host=host_name
Introduced 5.7.21 Type String Default Value localhost
The host location of the running server that is currently using one of the key migration keystores. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”. Migration always occurs on the local host, so the option always specifies a value for connecting to a local server, such as
localhost
,127.0.0.1
,::1
, or the local host IP address or host name.--keyring-migration-password[=
password
]Property Value Command-Line Format --keyring-migration-password[=password]
Introduced 5.7.21 Type String The password for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”. If you omit the
password
value following the option name on the command line, the server prompts for one.Specifying a password on the command line should be considered insecure. See Section 6.1.2.1, “End-User Guidelines for Password Security”. You can use an option file to avoid giving the password on the command line. In this case, the file should have a restrictive mode and be accessible only to the account used to run the migration server.
--keyring-migration-port=
port_num
Property Value Command-Line Format --keyring-migration-port=port_num
Introduced 5.7.21 Type Numeric Default Value 3306
For TCP/IP connections, the port number for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-socket=
path
Property Value Command-Line Format --keyring-migration-socket={file_name|pipe_name}
Introduced 5.7.21 Type String For Unix socket file or Windows named pipe connections, the socket file or named pipe for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”.
--keyring-migration-source=
plugin
Property Value Command-Line Format --keyring-migration-source=plugin_name
Introduced 5.7.21 Type String The source keyring plugin for key migration. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”.
The option value is similar to that for
--plugin-load
, except that only one plugin library can be specified. The value is given asname
=
plugin_library
orplugin_library
. Thename
is the name of a plugin to load, andplugin_library
is the name of the library file that contains the plugin code. If the plugin library is named without any preceding plugin name, the server loads all plugins in the library. The server looks for plugin library files in the directory named by theplugin_dir
system variable.Note--keyring-migration-source
and--keyring-migration-destination
are mandatory for all keyring migration operations. The source and destination plugins must differ, and the migration server must support both plugins.--keyring-migration-user=
user_name
Property Value Command-Line Format --keyring-migration-user=user_name
Introduced 5.7.21 Type String The user name for connecting to the running server that is currently using one of the key migration keystores. See Section 6.4.4.7, “Migrating Keys Between Keyring Keystores”.