storageccl: Add a decrypt-store command #65798
Description
Currently, the only way to remove encryption on a node that has
had encryption-at-rest enabled is to set the --enterprise-encryption flag
with old-key=...,new-key=plain, then wait for each file on disk to be
rewritten lazily (a process that can take a long time), then confirm no encrypted files remain
(using cockroach debug encryption-status),
then remove the flag and manually delete the file registry
in the store directory.
Other workarounds are to delete the node and add a clean unencrypted node,
or to force a manual compaction and hope that every file gets rewritten.
Operators would benefit a lot from having a decrypt or decrypt-store command.
This command would be called on a node that's offline already, and it could rewrite
every still-encrypted file without encryption and with the same file name, and
then delete the file registry. This would allow the user to drop the --enterprise-encryption
flag much more quickly than they would be able to with the lazy decryption approach.
Jira issue: CRDB-7755