Skip to content

Commit

Permalink
br: Add the tag of experimental-feature into encrypt-br (pingcap#6832)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Liuxiaozhen12
Liuxiaozhen12 authored Nov 17, 2021
1 parent efca7c7 commit 9c07085
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions br/use-br-command-line-tool.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ LAST_BACKUP_TS=`br validate decode --field="end-version" -s local:///home/tidb/b

In the above example, for the incremental backup data, BR records the data changes and the DDL operations during `(LAST_BACKUP_TS, current PD timestamp]`. When restoring data, BR first restores DDL operations and then the data.

### Encrypt data during backup
### Encrypt data during backup (experimental feature)

Since TiDB v5.3.0, TiDB supports backup encryption. You can configure the following parameters to encrypt data during backup:

Expand All @@ -256,6 +256,7 @@ Since TiDB v5.3.0, TiDB supports backup encryption. You can configure the follow

> **Warning:**
>
> - This is still an experimental feature. It is **NOT** recommended that you use it in the production environment.
> - If the key is lost, the backup data cannot be restored to the cluster.
> - The encryption feature needs to be used on BR tools and TiDB clusters v5.3.0 or later versions, and the encrypted backup data cannot be restored on clusters ealier than v5.3.0.
Expand Down Expand Up @@ -509,9 +510,13 @@ br restore full -f 'mysql.usertable' -s $external_storage_url --ratelimit 128
>
> Restoring system tables might cause more compatibility issues. To avoid unexpected issues, **DO NOT** restore system tables in the production environment.
### Decrypt data during restore
### Decrypt data during restore (experimental feature)
After encrypting the backup data, you need to pass in the corresponding decryption parameters to restore the data. You need to ensure that the decryption parameters and encryption parameters are consistent. If the decryption algorithm or key is incorrect, the data cannot be restored.
> **Warning:**
>
> This is still an experimental feature. It is **NOT** recommended that you use it in the production environment.
After encrypting the backup data, you need to pass in the corresponding decryption parameters to restore the data. You need to ensure that the decryption parameters and encryption parameters are consistent. If the decryption algorithm or key is incorrect, the data cannot be restored.
The following is an example of decrypting the backup data:
Expand Down

0 comments on commit 9c07085

Please sign in to comment.