[mysqld]

{% if galera_mariadb_encryption_plugin == "file_key_management" %}
# File Key Management
loose_plugin_load_add = file_key_management
file_key_management_filename = /etc/mysql/encryption/keyfile.enc
file_key_management_filekey = FILE:/etc/mysql/encryption/.keyfile.key
loose_file_key_management_filekey = FILE:/etc/mysql/encryption/.keyfile.key
file_key_management_encryption_algorithm = AES_CTR
{% endif %}

{% if galera_mariadb_encryption_plugin == "aws_key_management" %}
# not implemented yet
# aws_key_management_master_key_id=alias/<your key's alias>
{% endif %}

# InnoDB/XtraDB Encryption
innodb_encrypt_tables = FORCE
innodb_encrypt_temporary_tables = ON
innodb_encrypt_log = ON
innodb_encryption_threads = 4
innodb_encryption_rotate_key_age = 1

encrypt_binlog=ON